/tmp exploits
We should modify our libc so that opening a file in /tmp or /var/tmp -
determined by simple string comparison of the filename passed to
open(2) - fails if O_CREAT is specified without O_EXCL.
We should do this in slink. That way almost any program with a /tmp
security hole will stop working straight away and _have_ to be fixed.
Ian.
--
To UNSUBSCRIBE, email to debian-devel-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: