For this task, you will need to pair up with one of your classmates: first, each of you will write a simple C program that uses temporary files in an insecure manner. When this is done, you will exploit the program written by your colleague (and they will exploit yours). Finally, you will fix the problem in your program and have your colleague check that they can no longer fool your program.

Before we begin, let's recap why temporary files are used:

 * useful for communication
 * and/or co-opting *external tools*
 * to a lesser degree to store large data
 * should be *removed* upon exit
 * usually created in a special, system-wide directory

# Vulnerable Program

In our case, we will be using `/tmp` for creating temporary files, since this is the usual location on UNIX systems. The recommended way to create temporary files is by using:

 * `mkstemp` to create and open a file
 * and `mkdtemp` to create a temporary directory

The details can be found in the respective manual pages. See:

    $ man mkstemp
    $ man mkdtemp

The simplest way to use the functions would be this:

    /* the trailing XXXXXX is replaced with a unique suffix */
    char fn[] = "/tmp/mytmpdir.XXXXXX";
    if ( !mkdtemp( fn ) ) /* creates the directory with mode 0700 */
        return ERROR;
    /* ... */
    rmdir( fn ); /* the directory must be empty at this point */

However, we won't use those functions. Instead, we will go with the most vulnerable thing: just use the username to create the temporary file. Write a program that:

 * creates `/tmp/$LOGNAME..tmp`
 * writes a message into this file
 * sleeps for 10 seconds
 * unlinks the file and terminates

Where `$LOGNAME` can be obtained in a C program by calling `getenv( "LOGNAME" )`. You can use `asprintf` or `snprintf` to build the path.

# Exploit

When your paired-up classmate is ready, run the program you wrote a few times so they can observe its behaviour. Do not tell them anything about the name that you chose for the temporary file. When they are satisfied they learned enough, flip the roles. The goal of each party is to read the message the other person's program writes into the temporary file. When this is achieved, discuss what the problem with the program was, fix the particular problem and try again. Iterate until the program is secure.

When you are done with this task, move on to `preload.txt`.
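
The `mkstemp` route recommended under Vulnerable Program, as an added example that is not part of the original assignment: the function writes a message to a private temporary file and reports the permission bits the file was created with. The prefix `/tmp/message.` and the name `write_private_tmp` are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Write msg into a fresh temporary file, then remove the file again.
 * Returns the permission bits the file was created with, or -1 on error.
 * If name is non-NULL, the generated path is copied into it (size bytes). */
int write_private_tmp( const char *msg, char *name, size_t size )
{
    /* constructed prefix (an assumption); mkstemp overwrites the XXXXXX */
    char fn[] = "/tmp/message.XXXXXX";
    struct stat st;
    int mode = -1;

    /* mkstemp picks an unused name and opens it with O_CREAT | O_EXCL and
     * mode 0600: an existing file or symlink of that name is never opened,
     * and other unprivileged users cannot read what we write. */
    int fd = mkstemp( fn );
    if ( fd < 0 )
        return -1;

    size_t len = strlen( msg );
    /* fstat works on the descriptor, so it describes the file we created
     * even if the path were changed behind our back. */
    if ( write( fd, msg, len ) == (ssize_t) len && fstat( fd, &st ) == 0 )
        mode = st.st_mode & 0777;

    if ( name )
        snprintf( name, size, "%s", fn );

    close( fd );
    unlink( fn ); /* temporary files should be removed upon exit */
    return mode;
}

int main( void )
{
    char name[ 64 ];
    int mode = write_private_tmp( "hello\n", name, sizeof name );
    if ( mode < 0 ) {
        perror( "write_private_tmp" );
        return 1;
    }
    printf( "%s was created with mode %04o\n", name, mode );
    return 0;
}
```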