
Re: /tmp exploits



On Mon, Apr 20, 1998 at 01:20:10PM +0100, Ian Jackson wrote:

> We should modify our libc so that opening a file in /tmp or /var/tmp -
> determined by simple string comparison of the filename passed to
> open(2) - fails if O_CREAT is specified without O_EXCL.
> 
> We should do this in slink.  That way almost any program with a /tmp
> security hole will stop working straight away and _have_ to be fixed.

And then change libc back, presumably, before making the next stable
release?  In that case, I think it may be a good idea.

But how about this:  I often extract tar files to a directory in /tmp.  If
/home is nfs-mounted, this can be considerably faster, and it gets cleaned
up automatically sooner or later.  'tar' almost certainly doesn't open files
with O_EXCL... maybe it should?

Avery
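
The check proposed in the quoted message, and how it treats the tar-into-/tmp case raised in the reply, as an added example that is not part of the original thread. `in_tmp_dir`, `tmp_policy_rejects` and `checked_open` are hypothetical names, the `EACCES` error code is an assumption (the thread names none), and the sample paths are constructed.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* Hypothetical helper: 1 if path is under /tmp or /var/tmp by plain
 * string-prefix comparison, as the proposal describes (no symlink or
 * ".." resolution is attempted). */
static int in_tmp_dir(const char *path)
{
    return strncmp(path, "/tmp/", 5) == 0 ||
           strncmp(path, "/var/tmp/", 9) == 0;
}

/* Hypothetical policy check: O_CREAT without O_EXCL in those directories. */
int tmp_policy_rejects(const char *path, int flags)
{
    return in_tmp_dir(path) && (flags & O_CREAT) && !(flags & O_EXCL);
}

/* Hypothetical wrapper standing in for a modified open(2) entry point. */
int checked_open(const char *path, int flags, mode_t mode)
{
    if (tmp_policy_rejects(path, flags)) {
        errno = EACCES;  /* assumed error code; the proposal names none */
        return -1;
    }
    return open(path, flags, mode);
}

int main(void)
{
    /* Constructed sample calls; the third is the tar-extraction case. */
    const struct { const char *path; int flags; } calls[] = {
        { "/tmp/scratch.out",      O_WRONLY | O_CREAT | O_TRUNC },
        { "/tmp/scratch.out",      O_WRONLY | O_CREAT | O_EXCL },
        { "/tmp/untar/src/main.c", O_WRONLY | O_CREAT | O_TRUNC },
        { "/var/tmp/cache.db",     O_RDWR },
        { "/home/user/notes.txt",  O_WRONLY | O_CREAT },
    };
    for (size_t i = 0; i < sizeof calls / sizeof calls[0]; i++)
        printf("%-24s %s\n", calls[i].path,
               tmp_policy_rejects(calls[i].path, calls[i].flags)
                   ? "rejected" : "allowed");
    return 0;
}
```

Because the comparison is on the path prefix only, a file created inside a private subdirectory of /tmp is rejected just like one created directly in /tmp.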


--
To UNSUBSCRIBE, email to debian-devel-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org