
Re: deleting content of /tmp



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 03/25/07 20:48, Henrique de Moraes Holschuh wrote:
> On Sat, 24 Mar 2007, Ron Johnson wrote:
>>> On the contrary.  It makes it so that the only way that someone can get
>>> to the file is by having cracked the kernel itself.  That is, without
>>> the file descriptor, no other process can get to the data.  For example,
>>> qemu does this.  Lots of other programs do this as well for security.
>>> They open the file, immediately unlink it and then the only access is
>>> via the file descriptor.
>> That reminds me of the Vietnam War philosophy "we had to destroy the
>> village in order to save the village".  It was bad "design" 40 years
>> ago, it's a bad design now.
> 
> No.  You destroy the village in order for it not to be able to bother you
> anymore, because you care a lot more about your objectives than the people
> in the village.
> 
> And it is *excellent* design to unlink an open file depending on what you
> want it for.  It is the only failure-proof way to make sure temporary files
> cannot be attacked from outside, and also that they will disappear if the
> program crashes, exits, or has other problems.  You can easily change that
> to a "unlink on successful exit" thing when running in debug mode, too.

It's excellent only if your filesystem does not have rich-enough
semantics to protect your files from outside snoops.

> 


- --
Ron Johnson, Jr.
Jefferson LA  USA

Give a man a fish, and he eats for a day.
Hit him with a fish, and he goes away for good!

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFGB3vJS9HxQb37XmcRAjSyAJ46AboMCbnL58NTMMZpNMCRSN5yyACgj4ln
bXIp6JISHhA532jpXiPj3Mo=
=GM7k
-----END PGP SIGNATURE-----
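The open-then-unlink temporary-file idiom the thread is arguing about, as an added example that is not code from the original message or from qemu: mkstemp() creates the file with O_CREAT|O_EXCL and mode 0600, unlink() removes the name right away, and afterwards the only handle is the file descriptor. The example also checks the two properties Henrique relies on (link count drops to 0, data still readable through the fd) and implements the "keep the name in debug mode, unlink on successful exit" variant. Names such as anon_tmpfile(), fd_nlink() and the /tmp/anon-XXXXXX template are this example's own, not anything from the thread.

```c
/* Added example (not from the original thread): open-then-unlink temp files.
 * Function names and the /tmp/anon-XXXXXX template are this example's own. */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Create a temp file and return an fd that is the only way to reach it.
 * mkstemp() uses O_CREAT|O_EXCL and mode 0600, so a pre-planted symlink or
 * file at the name cannot be followed or reused; unlink() then removes the
 * name, so no other process can open() it by path, and the inode is freed
 * when the last fd is closed, including when the program crashes.
 * With keep_name != 0 (debug mode) the name is left in place and copied to
 * path_out so the caller can inspect it and unlink it on success. */
int anon_tmpfile(int keep_name, char *path_out, size_t path_len)
{
    char tmpl[] = "/tmp/anon-XXXXXX";
    int fd = mkstemp(tmpl);
    if (fd < 0)
        return -1;
    if (keep_name) {
        if (path_out && path_len)
            snprintf(path_out, path_len, "%s", tmpl);
        return fd;
    }
    if (unlink(tmpl) != 0) {
        int e = errno;
        close(fd);
        errno = e;
        return -1;
    }
    if (path_out && path_len)
        path_out[0] = '\0';          /* there is no name any more */
    return fd;
}

/* Link count as the kernel sees it through the fd: 0 once the name is gone. */
long fd_nlink(int fd)
{
    struct stat st;
    if (fstat(fd, &st) != 0)
        return -1;
    return (long)st.st_nlink;
}

/* Write msg at offset 0 and read it back through the same fd.
 * Returns 1 if the data round-trips, 0 otherwise. */
int roundtrip(int fd, const char *msg)
{
    char buf[256];
    size_t n = strlen(msg);
    if (n >= sizeof buf)
        return 0;
    if (pwrite(fd, msg, n, 0) != (ssize_t)n)
        return 0;
    if (pread(fd, buf, n, 0) != (ssize_t)n)
        return 0;
    return memcmp(buf, msg, n) == 0;
}

int main(void)
{
    char path[64];

    /* production mode: name removed immediately, data only via the fd */
    int fd = anon_tmpfile(0, NULL, 0);
    if (fd < 0) { perror("anon_tmpfile"); return 1; }
    printf("unlinked temp: fd=%d nlink=%ld roundtrip=%d\n",
           fd, fd_nlink(fd), roundtrip(fd, "secret scratch data"));
    close(fd);                       /* inode is released here */

    /* debug mode: keep the name, remove it only on successful exit */
    fd = anon_tmpfile(1, path, sizeof path);
    if (fd < 0) { perror("anon_tmpfile"); return 1; }
    printf("debug temp: %s nlink=%ld\n", path, fd_nlink(fd));
    close(fd);
    unlink(path);                    /* "unlink on successful exit" */
    return 0;
}
```

One caveat worth keeping in mind when weighing the two positions above: removing the name stops other processes from open()ing the file by path, but on Linux a process running as the same uid, or root, can still reach the open descriptor through /proc/PID/fd/N or by attaching with ptrace, so the idiom protects against name-based races and leftover files, not against an attacker who already has your privileges.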


