[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: So I received a gpg-signed email, can I trust it?

* Enrico Zini <enrico@enricozini.org>, 2016-07-08, 11:21:
 $ mkdir /tmp/keyring
 $ chmod 0700 /tmp/keyring

This way of creating a directory inaccessible to other is racy. Between mkdir and chmod calls, the directory could be opened by an attacker (and then kept open forever). A non-racy way looks like this:

$ mkdir -m 0700 foobar

And you really shouldn't use /tmp as a personal scratch space.
/tmp is word-writable and therefore not suitable for this purpose.

(Yes, I realize that these are just examples. But let's not teach people bad habits.)

Jakub Wilk

Reply to: