Re: GCC 2.7.? /tmp files

From: Perry E. Metzger (perryat_private)
Date: Sun Jan 18 1998 - 18:18:44 PST


    Theo de Raadt writes:
    > In OpenBSD we have fixed hundreds of these /tmp races.  I do not
    > believe there is a simple answer.
    
    I believe there is.
    
    General publicly writable /tmp directories are bad. Systems should
    move towards using /tmp/${USER}/ directories on a per-user basis, with
    these directories being only touchable by the user. These would cut,
    in a Gordian knot fashion, literally hundreds of exploits that have
    shown up in dozens of places.
    
    I believe, btw, that a similar general fix might help out the
    spate of /var/mail security problems.
    
    Perry
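
An added example, not part of the original post: one way a program could create or validate the per-user directory proposed above before placing temporary files in it. The names `private_tmpdir` and `selfcheck`, the users `alice` and `bob`, and the scratch directory are assumptions made for the illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: returns 0 and fills `out` if <base>/<user> is a real
 * directory owned by the caller with no group/other access, -1 otherwise. */
int private_tmpdir(const char *base, const char *user, char *out, size_t n)
{
    struct stat st;
    if (strchr(user, '/') || user[0] == '.' || user[0] == '\0')
        return -1;                  /* the name must be a single path component */
    if (snprintf(out, n, "%s/%s", base, user) >= (int)n)
        return -1;                  /* path would be truncated */
    if (mkdir(out, 0700) != 0 && errno != EEXIST)
        return -1;
    /* lstat, not stat: a symlink planted in the shared base must not be followed. */
    if (lstat(out, &st) != 0 || !S_ISDIR(st.st_mode))
        return -1;
    if (st.st_uid != geteuid() || (st.st_mode & 077) != 0)
        return -1;                  /* pre-created by someone else, or too open */
    return 0;
}

/* Constructed self-check in a scratch directory; returns a bitmask of passed cases. */
int selfcheck(void)
{
    char base[] = "/tmp/ptmp-XXXXXX", p[256], q[256];
    int ok = 0;
    if (!mkdtemp(base)) return -1;
    if (private_tmpdir(base, "alice", p, sizeof p) == 0) ok |= 1;    /* fresh directory */
    if (private_tmpdir(base, "alice", p, sizeof p) == 0) ok |= 2;    /* safe reuse */
    chmod(p, 0777);
    if (private_tmpdir(base, "alice", p, sizeof p) == -1) ok |= 4;   /* world-writable: refused */
    snprintf(q, sizeof q, "%s/bob", base);
    if (symlink(p, q) == 0 && private_tmpdir(base, "bob", p, sizeof p) == -1)
        ok |= 8;                                                     /* symlink: refused */
    if (private_tmpdir(base, "../x", p, sizeof p) == -1) ok |= 16;   /* traversal: refused */
    return ok;
}

int main(void) { printf("checks passed mask: %d\n", selfcheck()); return 0; }
```

Once the directory passes these checks, no other unprivileged user can create or replace entries inside it, which is what removes the race on predictable file names.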
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:39:48 PDT