
Re: deleting content of /tmp



On 24.03.07 23:25, Ron Johnson wrote:
> Apparently so. :(
> 
>     tmpfile()
>         Return a new file object opened in update mode ("w+b").
>         The file has no directory entries associated with it and
>         will be automatically deleted once there are no file
>         descriptors for the file. Availability: Macintosh, Unix,
>         Windows.
> 
> What I meant was os.tempnam().  Which the documentation indicates is
> vulnerable to symlink attacks.

...just because it does have a directory entry. And that's why passing an
open file without links is not vulnerable.

> Not being able to exclusively lock a file is a definite weakness.

Well, even if you were able to exclusively lock a file, using such files
is an easy and effective way to get some security.

> Enterprise OSs give you much richer file semantics.  But... they're
> heavier and slower.

Which OSes are you talking about?


Ron, please stop it. This is an old, simple and safe strategy, definitely not
a bug. The fact you don't understand it does not mean it's bad.
-- 
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Warning: I do NOT wish to receive any advertising mail at this address.
Honk if you love peace and quiet. 
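
An added example, not part of the original message: it shows the point discussed in this thread, that an open file with no directory entry cannot be redirected through a symlink, and that a named file is only safe when created exclusively. It assumes a POSIX system; the function names and the file names "victim" and "app.tmp" are constructed for the illustration.

```python
import os
import tempfile


def unlinked_scratch_file(directory):
    """Create a temp file, remove its only name, return the open descriptor."""
    fd, path = tempfile.mkstemp(dir=directory)  # uses O_CREAT|O_EXCL, mode 0600
    os.unlink(path)                             # no directory entry from here on
    return fd, path


def create_exclusive(path):
    """Create path only if nothing is there, not even a dangling symlink."""
    return os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)


def demo():
    results = {}
    with tempfile.TemporaryDirectory() as work:
        target = os.path.join(work, "victim")   # constructed name
        fd, old_path = unlinked_scratch_file(work)
        try:
            os.write(fd, b"scratch data")
            results["link_count"] = os.fstat(fd).st_nlink
            results["name_exists"] = os.path.lexists(old_path)
            # A symlink placed at the old name later has no effect on the
            # descriptor: writes still go to the anonymous file.
            os.symlink(target, old_path)
            os.write(fd, b" more")
            results["victim_after_fd_write"] = os.path.exists(target)
            os.lseek(fd, 0, os.SEEK_SET)
            results["readback"] = os.read(fd, 64)
        finally:
            os.close(fd)

        # Named file at a predictable path where a symlink already exists:
        # O_EXCL makes open() fail instead of following the link.
        predictable = os.path.join(work, "app.tmp")  # constructed name
        os.symlink(target, predictable)
        try:
            os.close(create_exclusive(predictable))
            results["excl_refused"] = False
        except FileExistsError:
            results["excl_refused"] = True
        results["victim_after_excl"] = os.path.exists(target)
    return results


if __name__ == "__main__":
    print(demo())
```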


