Re: /tmp exploits
Manoj Srivastava writes ("Re: /tmp exploits"):
...
> I think I would want echo blah > /tmp/junk not to start
> failing on me just because there is a file called junk already
> in there. Modifying libc is too deep rooted a change; and modifies the
> semantics of /tmp in an unacceptable fashion. I think the goals are
> laudable -- but something like this should not be unleashed even on
> unstable.
I think no one, even humans, should type `echo blah > /tmp/junk'. Make
a directory named after your userid, or use your home directory, or
something.
Insecure use of /tmp is still insecure when done by humans - even more
so, perhaps, because I might well be able to predict your favourite
filename well in advance much more easily than I could predict the PID
of a particular program invoked at some unknown time in the future.
Also, several people who use /tmp in this way may well clash with each
other, causing untold mayhem.
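The advice in the reply above (a directory named after your userid rather than a predictable name directly in /tmp), sketched as an added shell example that is not part of the original thread. The names `private_tmpdir`, `write_new` and `SANDBOX` are hypothetical, and `SANDBOX` stands in for /tmp so the demo touches nothing real.

```shell
#!/bin/sh
# Added example, not from the thread. SANDBOX is an assumption standing in for /tmp.

# Print the path of a private per-user directory under base $1, or fail.
private_tmpdir() {
    dir="$1/$(id -u)"
    # mkdir without -p fails if the name already exists, so an entry
    # that someone else created first is never silently adopted.
    if (umask 077; mkdir "$dir") 2>/dev/null; then
        printf '%s\n' "$dir"; return 0
    fi
    # The name exists: accept it only if it is a real directory (not a
    # symlink), owned by us, with no group/other access.
    [ ! -L "$dir" ] && [ -d "$dir" ] && [ -O "$dir" ] || return 1
    case $(ls -ld "$dir") in
        drwx------*) printf '%s\n' "$dir" ;;
        *) return 1 ;;
    esac
}

# Create file $1 with content $2; refuse if the name is already taken.
# noclobber (set -C) makes '>' create the file exclusively.
write_new() {
    (set -C; printf '%s\n' "$2" > "$1") 2>/dev/null
}

# Demo on constructed input.
SANDBOX=$(mktemp -d) || exit 1
mine=$(private_tmpdir "$SANDBOX") && echo "using $mine"
write_new "$mine/junk" "blah" && echo "created junk"
write_new "$mine/junk" "again" || echo "second write refused, junk unchanged"

# Constructed hostile case: the name already exists as a symlink.
mkdir "$SANDBOX/shared" "$SANDBOX/elsewhere"
ln -s "$SANDBOX/elsewhere" "$SANDBOX/shared/$(id -u)"
private_tmpdir "$SANDBOX/shared" >/dev/null || echo "pre-existing symlink rejected"
```

The ownership and mode checks only hold up over time because /tmp is normally sticky, so other users cannot rename or replace a directory you own there.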