
Re: deleting content of /tmp



On Sat, 24 Mar 2007, Ron Johnson wrote:
> > On the contrary.  It makes it so that the only way that someone can get
> > to the file is by having cracked the kernel itself.  That is, without
> > the file descriptor, no other process can get to the data.  For example,
> > qemu does this.  Lots of other programs do this as well for security.
> > They open the file, immediately unlink it and then the only access is
> > via the file descriptor.
> 
> That reminds me of the Vietnam War philosophy "we had to destroy the
> village in order to save the village".  It was bad "design" 40 years
> ago, it's a bad design now.

No.  You destroy the village in order for it not to be able to bother you
anymore, because you care a lot more about your objectives than the people
in the village.

And it is *excellent* design to unlink an open file depending on what you
want it for.  It is the only failure-proof way to make sure temporary files
cannot be attacked from outside, and also that they will disappear if the
program crashes, exits, or has other problems.  You can easily change that
to an "unlink on successful exit" thing when running in debug mode, too.

-- 
  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique Holschuh
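The open-then-unlink pattern discussed in this thread, as an added example that is not part of the original message or of qemu's code.  It creates a temp file with mkstemp(3), removes the directory entry straight away, and then shows that the file is unreachable by name while the creating process keeps reading and writing through its descriptor.  Passing a non-zero argument keeps the name until the function finishes successfully, the debug-mode variant Henrique mentions.  It assumes /tmp is writable; the struct, function and environment variable names are this example's own.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Assumption: /tmp exists and is writable by the caller. */
#define TMP_TEMPLATE "/tmp/unlinked-demo-XXXXXX"
#define PAYLOAD "secret scratch data"   /* constructed sample data */

struct demo_result {
    int ok;            /* 1 if every system call succeeded */
    int name_visible;  /* 1 if access(2) still finds the file by path */
    int reopened;      /* 1 if open(2) by path succeeded after creation */
    char readback[32]; /* what we read back through the original fd */
};

/* Create a temp file and, unless debug_keep_name is set, remove its
 * directory entry at once.  The data then stays reachable only through
 * the fd and is freed by the kernel when the last fd goes away, however
 * the process ends (exit, crash, kill -9).  With debug_keep_name the
 * name survives until the function finishes successfully, mirroring a
 * debug-mode "unlink on successful exit". */
struct demo_result run_demo(int debug_keep_name)
{
    struct demo_result r = { 0, 0, 0, "" };
    char path[] = TMP_TEMPLATE;          /* mkstemp() fills in XXXXXX */

    /* mkstemp() opens with O_CREAT|O_EXCL and mode 0600, so the short
     * window between creation and unlink() cannot be hijacked by a
     * pre-planted file or symlink of the same name. */
    int fd = mkstemp(path);
    if (fd < 0) return r;

    if (!debug_keep_name && unlink(path) != 0) { close(fd); return r; }

    if (write(fd, PAYLOAD, sizeof PAYLOAD - 1) != (ssize_t)(sizeof PAYLOAD - 1)) {
        close(fd);
        return r;
    }

    /* What anyone working by pathname would see now. */
    r.name_visible = (access(path, F_OK) == 0);
    int fd2 = open(path, O_RDONLY);
    r.reopened = (fd2 >= 0);
    if (fd2 >= 0) close(fd2);

    /* The creating process still has full access through its own fd. */
    if (lseek(fd, 0, SEEK_SET) != 0) { close(fd); return r; }
    ssize_t n = read(fd, r.readback, sizeof r.readback - 1);
    if (n < 0) { close(fd); return r; }
    r.readback[n] = '\0';
    close(fd);

    /* Debug mode: the name was kept for inspection; remove it only now
     * that everything succeeded. */
    if (debug_keep_name) unlink(path);

    r.ok = 1;
    return r;
}

int main(void)
{
    int keep = getenv("KEEP_TMP_NAME") != NULL;   /* hypothetical debug switch */
    struct demo_result r = run_demo(keep);
    printf("ok=%d name_visible=%d reopened=%d readback=\"%s\"\n",
           r.ok, r.name_visible, r.reopened, r.readback);
    return r.ok ? 0 : 1;
}
```

Two caveats for anyone applying this on Linux.  First, an unlinked file is hidden from the pathname namespace, not from every other process: /proc/PID/fd/N is a usable link to it for processes that pass the kernel's ptrace access check on PID, which by default means the same uid (and root) as long as the process is still dumpable.  Second, since Linux 3.11 open(2) with O_TMPFILE creates the file without ever giving it a name, which removes even the brief mkstemp-to-unlink window shown above.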


