[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: deleting content of /tmp

On Sun, 25 Mar 2007, Henrique de Moraes Holschuh wrote:
> want it for.  It is the only failure-proof way to make sure temporary files
> cannot be attacked from outside, and also that they will disappear if the

Err, there are a lot of "provided that <foo doesn't happen>" stuff in the
"cannot be attacked from the outside".  I should make that clear.

Some of them I can recall immediately are:

1. Before you unlink the file, it can be attacked.  Too bad we don't have a
"create an unlinked file" operation (do we?), it is often what you want to
do so that you can have backing store other than swap space...

2. After you unlink the file, that pesky /proc filesystem will still have a
link to it for all processes in the same namespace as the process that
created the file, and the file can be attacked through that link.

  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique Holschuh

Reply to: