Re: severity for bugs in ignoring TMP/TMPDIR?

[Russ Allbery <rra@debian.org>]

Ben Hutchings <ben@decadent.org.uk> writes:

> The test should be for non-random names *or* missing O_EXCL.  Use of an
> entirely predictable name with O_EXCL allows a DoS and use of a
> pseudo-random name without O_EXCL may still be exploitable for
> overwriting other files if the attacker can try repeatedly.

Sometimes there are no good options other than using O_EXCL with a
predictable name because the name is used as a rendezvous point.  This is
the case in some (non-default) configurations for Kerberos tickets, for
example.

But yes, it's not ideal.

-- 
Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>