temp-file creation vulnerability in rdbSave function #1560
I have been trying to reach the Redis maintainers since 2013-09-13
Therefore I would like to encourage the Redis team to be more
I think I might have discovered a security vulnerability in Redis
In line 641, the function does not use a security temporary file creation
The code should be creating the temporary file using some kind of safe
The advisory is posted here:
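The safe temporary-file pattern the report asks for, shown as an added example in C that is not Redis code: open the temp file with O_CREAT|O_EXCL|O_NOFOLLOW so a pre-existing file or symlink at the temp path is refused instead of followed, then rename it over the target. The function names, the /tmp demo directory and the "REDIS" payload are constructed for the example.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
/* Write `len` bytes to dir/final_name via a temp file opened with
 * O_CREAT|O_EXCL|O_NOFOLLOW, so a pre-planted file or symlink at the temp
 * path makes open() fail with EEXIST rather than being followed or truncated.
 * Returns 0 on success, -1 on failure (errno left as set by the failing call). */
int write_file_atomically(const char *dir, const char *final_name,
                          const void *data, size_t len)
{
    char tmp[PATH_MAX], dst[PATH_MAX];
    /* Predictable name (like temp-<pid>.rdb); the open() flags supply the safety. */
    snprintf(tmp, sizeof tmp, "%s/temp-%ld.tmp", dir, (long)getpid());
    snprintf(dst, sizeof dst, "%s/%s", dir, final_name);
    int fd = open(tmp, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    if (fd < 0) return -1;
    for (const char *p = data; len > 0; ) {
        ssize_t n = write(fd, p, len);
        if (n < 0) { if (errno == EINTR) continue; close(fd); unlink(tmp); return -1; }
        p += n; len -= (size_t)n;
    }
    int ok = fsync(fd) == 0; ok &= close(fd) == 0;  /* durable before rename */
    if (ok && rename(tmp, dst) == 0) return 0;       /* dst replaced atomically */
    unlink(tmp); return -1;
}

/* Constructed self-check: in a fresh directory, plant a dangling symlink at
 * the predictable temp path and confirm the writer refuses it (EEXIST); then
 * remove it and confirm a normal write lands in dump.rdb. Returns 1 if both hold. */
int run_demo(void)
{
    char dir[] = "/tmp/rdbdemo.XXXXXX", tmp[PATH_MAX], dst[PATH_MAX], buf[8] = {0};
    FILE *f = NULL; int ok = 0;
    if (!mkdtemp(dir)) return 0;
    snprintf(tmp, sizeof tmp, "%s/temp-%ld.tmp", dir, (long)getpid());
    snprintf(dst, sizeof dst, "%s/dump.rdb", dir);
    if (symlink("/nonexistent/victim", tmp) < 0) goto out;
    if (write_file_atomically(dir, "dump.rdb", "REDIS", 5) != -1 || errno != EEXIST) goto out;
    unlink(tmp);
    if (write_file_atomically(dir, "dump.rdb", "REDIS", 5) != 0) goto out;
    if ((f = fopen(dst, "r"))) { if (fread(buf, 1, 7, f) == 5 && !strcmp(buf, "REDIS")) ok = 1; fclose(f); }
out:
    unlink(tmp); unlink(dst); rmdir(dir);
    return ok;
}
```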
Hello, the reason I did not reply is because this security bug report is absurd.
Security must be evaluated in the context of a given software. With Redis CONFIG SET you can make the server chdir to whatever directory you want, fill the DB with a given set of keys that will result in a specific RDB file, change the name of the target file, and use SAVE in order to write random files with mostly attacker-chosen content around the filesystem.
In the light of the above, do you think that the symlink vulnerability in Redis is significant?
On April 23, 2014 7:02:32 AM PDT, Salvatore Sanfilippo email@example.com wrote: