Re: /tmp exploits

To: Ian Jackson <ijackson@chiark.greenend.org.uk>
Cc: Debian developers list <debian-devel@lists.debian.org>
Subject: Re: /tmp exploits
From: Manoj Srivastava <srivasta@datasync.com>
Date: 20 Apr 1998 13:58:54 -0500
Message-id: <[🔎] 87zphg9v69.fsf@tiamat.datasync.com>
In-reply-to: Ian Jackson's message of "Mon, 20 Apr 1998 13:20:10 +0100"
References: <[🔎] E0yRFYQ-0000Q7-00@chiark.greenend.org.uk>

Hi,
>>"Ian" == Ian Jackson <ijackson@chiark.greenend.org.uk> writes:

Ian> We should modify our libc so that opening a file in /tmp or
Ian> /var/tmp - determined by simple string comparison of the filename
Ian> passed to open(2) - fails if O_CREAT is specified without O_EXCL.

	I think I would want echo blah > /tmp/junk nto to start
 failing on my just because there is a file called junk already
 in there. Modifying libc is too deep rooted a change; and modifes the
 semantics of /tmp in an unacceptable fashion. I think the goals are
 laudable -- but something like this should not be unleased even on
 unstable. 

	If any such libc is released it should go into experimental,
 not unstable. Then one may install the library on test systems
 as one wishes.

	manoj

-- 
 "In every country and every age, the priest has been hostile to
 Liberty." Thomas Jefferson
Manoj Srivastava  <srivasta@acm.org> <http://www.datasync.com/%7Esrivasta/>
Key C7261095 fingerprint = CB D9 F4 12 68 07 E4 05  CC 2D 27 12 1D F5 E8 6E


--
To UNSUBSCRIBE, email to debian-devel-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to:

Follow-Ups:
- Re: /tmp exploits
  - From: Ian Jackson <ian@chiark.greenend.org.uk>

References:
- /tmp exploits
  - From: Ian Jackson <ijackson@chiark.greenend.org.uk>

Prev by Date: Re: Intent to package: debian-keyring
Next by Date: Gnome debs?
Previous by thread: Re: /tmp exploits
Next by thread: Re: /tmp exploits
Index(es):
- Date
- Thread