From owner-freebsd-questions  Thu Jan 20  8:23:57 2000
Delivered-To: freebsd-questions@freebsd.org
Received: from netmint.com (netmint.com [207.106.21.130])
	by hub.freebsd.org (Postfix) with ESMTP id 5A2A914E9C
	for <questions@freebsd.org>; Thu, 20 Jan 2000 08:23:54 -0800 (PST)
	(envelope-from andriss@andriss.com)
Received: from localhost (andriss@localhost)
	by netmint.com (8.9.3/8.9.3) with ESMTP id LAA75990
	for <questions@freebsd.org>; Thu, 20 Jan 2000 11:23:53 -0500 (EST)
Date: Thu, 20 Jan 2000 11:23:49 -0500 (EST)
From: Andriss <andriss@andriss.com>
X-Sender: andriss@netmint.com
To: questions@freebsd.org
Subject: suggestion to prevent /tmp races
Message-ID: <Pine.BSF.4.21.0001201118020.75919-100000@netmint.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

-----BEGIN PGP SIGNED MESSAGE-----

Hello,

After reading the latest advisory on the make -j /tmp race I decided
to post to the list a suggestion that could theoretically prevent or
make significantly harder the /tmp races...

For example, if you set the following permissions on /tmp:

drwxrwx-wt   3 root  wheel      512 Jan 20 11:17 tmp

... no ordinary users will be able to list the directory, but they
can list (and fully use) their own files if they know what the file
name is.  Now, users don't have to list the directory at all!
They just have to be able to create the files, and use them.

99% of the time, it's some program that creates that files for the
user, for instance Pine. Not being able to list the directory would
not break this behaviour..

A similar suggestion could also apply to vi.recover..

Andriss

- --
______________________________________________________________
Andrey Kholodenko <andriss@andriss.com> http://www.andriss.com
Download My Public PGP Key From http://www.andriss.com/pgp.txt
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3a
Charset: noconv

iQCVAwUBOIc2mCQe9jf/ODl9AQGvdAP+Ove7kHez9dCoiaQD9snHxkzVPwb4xdx9
4FV6V0qHbRxDM0/WIhBnfD+2eSD5EAPfsPqya/6jJ3OSpek7dXWn283bzdap+vnm
rrt7ugdGj4dSA6TjKkwFHT/tenE9ZvOznHtR3W9vgvEEoNHfFr245v/kXksvrScb
GZaXDe48FeA=
=GOiv
-----END PGP SIGNATURE-----



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message