Re: another /tmp race: `perl -e' opens temp file not safely

From: Theo de Raadt (deraadtat_private)
Date: Sat Mar 07 1998 - 22:44:18 PST

Next message: stanislav shalunov: "Re: another /tmp race: `perl -e' opens temp file not safely"

Previous message: dorqus maximus: "Plaintext passwords in Chase Online Banking"
Maybe in reply to: stanislav shalunov: "another /tmp race: `perl -e' opens temp file not safely"
Next in thread: stanislav shalunov: "Re: another /tmp race: `perl -e' opens temp file not safely"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> All this complexity of trivial things (just open a temp file) is one
> of the reasons I think the whole idea of /tmp is a fundamental
> misdesign and eventually one should be able to chmod it to 755 (while
> programs should use per-user TMPDIRs).

Which, as I've said before, works REALLY well for setuid programs.

Imagine:

TMPDIR=/

Or how would you solve that problem?

Next message: stanislav shalunov: "Re: another /tmp race: `perl -e' opens temp file not safely"
Previous message: dorqus maximus: "Plaintext passwords in Chase Online Banking"
Maybe in reply to: stanislav shalunov: "another /tmp race: `perl -e' opens temp file not safely"
Next in thread: stanislav shalunov: "Re: another /tmp race: `perl -e' opens temp file not safely"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:44:30 PDT