temp-file creation vulnerability in rdbSave function #1560
I have been trying to reach the Redis maintainers since 2013-09-13
Therefore I would like to encourage the Redis team to be more
I think I might have discovered a security vulnerability in Redis
In line 641, the function does not use a security temporary file creation
The code should be creating the temporary file using some kind of safe
The advisory is posted here:
@megahall does this issue have a CVE identifier? Please do request one publicly from oss-security. Documentation: http://people.redhat.com/kseifrie/CVE-OpenSource-Request-HOWTO.html
Hello, the reason I did not reply is because this security bug report is absurd.
Security must be evaluated in the context of a given software. With Redis CONFIG SET you can make the server chdir to whatever directory you want, fill the DB with a given set of keys that will result in a specific RDB file, change the name of the target file, and use SAVE in order to write random files with mostly attacker-chosen content around the filesystem.
In the light of the above, do you think that the symlink vulnerability in Redis is significant?
Sent from my mobile device.
On April 23, 2014 7:02:32 AM PDT, Salvatore Sanfilippo email@example.com wrote:
While this issue involves temporary file creation, it does not involve typical security issues with temporary files.
Because of that, the usual issues around choosing a non-existing random temp file name, handling the inherent race condition, opening exclusively etc. don't apply.
Closing this issue now, and I will verify the documentation does indeed mention the need for a secure