[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

/tmp exploits



We should modify our libc so that opening a file in /tmp or /var/tmp -
determined by simple string comparison of the filename passed to
open(2) - fails if O_CREAT is specified without O_EXCL.

We should do this in slink.  That way almost any program with a /tmp
security hole will stop working straight away and _have_ to be fixed.

Ian.


--
To UNSUBSCRIBE, email to debian-devel-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org


Reply to: