Theo de Raadt writes:

> In OpenBSD we have fixed hundreds of these /tmp races. I do not
> believe there is a simple answer.

I believe there is. General publicly writable /tmp directories are bad. Systems should move towards using /tmp/${USER}/ directories on a per-user basis, with these directories being only touchable by the user. These would cut, in a Gordian knot fashion, literally hundreds of exploits that have shown up in dozens of places.

I believe, btw, that a similar general fix might help out the spate of /var/mail security problems.

Perry
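The following is an added example, not part of the original post or of any OpenBSD code: one way a program could create or validate a per-user directory of the kind proposed above before putting temporary files in it. The helper name `private_tmpdir` and its parameters are hypothetical.

```c
/* Added example: create or validate a private per-user directory under `base`.
 * private_tmpdir() is a hypothetical helper, not an OS or library API. */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* for O_DIRECTORY and O_NOFOLLOW */
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Returns an O_DIRECTORY fd for base/name, or -1 if the directory cannot be
 * trusted (it is a symlink, has the wrong owner, or is open to group/other). */
int private_tmpdir(const char *base, const char *name)
{
    char path[4096];
    struct stat st;
    int fd;

    if (snprintf(path, sizeof path, "%s/%s", base, name) >= (int)sizeof path)
        return -1;

    /* mkdir() does not follow a symlink in the final component. EEXIST means
     * something is already there and must be validated, not trusted. */
    if (mkdir(path, 0700) == -1 && errno != EEXIST)
        return -1;

    /* O_NOFOLLOW refuses a pre-planted symlink. fstat() on the open fd checks
     * the object we actually hold, so the path cannot be swapped in between. */
    fd = open(path, O_RDONLY | O_DIRECTORY | O_NOFOLLOW);
    if (fd == -1)
        return -1;
    if (fstat(fd, &st) == -1 ||
        st.st_uid != geteuid() ||        /* created by someone else */
        (st.st_mode & 077) != 0) {       /* group or other can reach it */
        close(fd);
        return -1;
    }
    /* Callers create files relative to the fd, e.g.
     * openat(fd, "scratch", O_WRONLY | O_CREAT | O_EXCL, 0600). */
    return fd;
}
```

Because /tmp itself stays world-writable in this sketch, the ownership and mode checks are what keep a directory pre-created by another user from being accepted.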
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:39:48 PDT