Re: /tmp exploits
Hi,
>>"Ian" == Ian Jackson <ian@chiark.greenend.org.uk> writes:
Ian> I think no one, even humans, should type `echo blah > /tmp/junk'.
Ian> Make a directory named after your userid, or use your home
Ian> directory, or something.
Right. But my machine, my rules -- and this proposal would
change the behaviour of Debian to be very different from _any_ other
UNIX I have been on.
I just looked at POSIX, and I think your proposal is in
violation of the POSIX standard, as well as the UNIX98 spec.
Ian> Insecure use of /tmp is still insecure when done by humans - even
Ian> more so, perhaps, because I might well be able to predict your
Ian> favourite filename well in advance much more easily than I could
Ian> predict the PID of a particular program invoked at some unknown
Ian> time in the future.
Ian> Also, several people who use /tmp in this way may well clash with
Ian> each other, causing untold mayhem.
True. That is all very well. But this is a local issue. As I
said, I like it this way on my machine. And POSIX says it should
behave the way it has behaved before. (I shall look up exact chapter
and verse again if you wish; I was called away on other errands and
lost my place in the standards).
I think we should stay away from deliberate non-compliance,
even for laudable goals such as these. An experimental non-conformant
libc (which I can install on a test system) is not something I shall
object to.
manoj
--
The minute a man is convinced that he is interesting, he isn't.
Manoj Srivastava <srivasta@acm.org> <http://www.datasync.com/%7Esrivasta/>
Key C7261095 fingerprint = CB D9 F4 12 68 07 E4 05 CC 2D 27 12 1D F5 E8 6E
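
The per-user directory suggested in the quoted text, as an added example that is not part of the original message or of any Debian tool. The function names private_tmpdir and write_new are hypothetical, and the directory is named after the numeric user id.

```shell
#!/bin/sh
# Added example: a private scratch directory inside a shared, world-writable
# base such as /tmp, instead of writing to a guessable name like /tmp/junk.

# private_tmpdir BASE
# Prints BASE/<uid> and returns 0 if that directory was just created by us or
# already exists as a real directory we own with mode 0700. Returns 1 if the
# name is occupied by anything else (symlink, file, someone else's directory,
# or a directory with group/other access).
private_tmpdir() {
    dir="$1/$(id -u)"

    # mkdir is atomic and fails if the name exists in any form, so a
    # pre-planted symlink or directory is never silently adopted here.
    if (umask 077 && mkdir "$dir") 2>/dev/null; then
        printf '%s\n' "$dir"
        return 0
    fi

    # The name already exists: inspect the entry itself (ls -d does not
    # follow a symlink). Fields with -n: mode, link count, uid, gid, ...
    set -- $(ls -ldn "$dir" 2>/dev/null)
    case $1 in
        drwx------*) ;;          # real directory, owner-only access
        *) return 1 ;;           # symlink, file, or loose permissions
    esac
    [ "$3" = "$(id -u)" ] || return 1

    printf '%s\n' "$dir"
}

# write_new FILE TEXT
# Creates FILE with TEXT; fails instead of overwriting an existing file
# (noclobber, set -C), so two users of the same name cannot clash silently.
write_new() {
    ( set -C; printf '%s\n' "$2" > "$1" ) 2>/dev/null
}
```

Typical use: `d=$(private_tmpdir /tmp) && write_new "$d/junk" blah`.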