Date: Thu, 20 Jan 2000 14:29:17 -0500 From: "Crist J. Clark" <cjc@cc942873-a.ewndsr1.nj.home.com> To: Andriss <andriss@andriss.com> Cc: cjclark@home.com, questions@FreeBSD.ORG Subject: Re: suggestion to prevent /tmp races Message-ID: <20000120142917.D72914@cc942873-a.ewndsr1.nj.home.com> In-Reply-To: <Pine.BSF.4.21.0001201359270.93530-100000@netmint.com>; from andriss@andriss.com on Thu, Jan 20, 2000 at 02:08:22PM -0500 References: <20000120134541.B72914@cc942873-a.ewndsr1.nj.home.com> <Pine.BSF.4.21.0001201359270.93530-100000@netmint.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, Jan 20, 2000 at 02:08:22PM -0500, Andriss wrote: [snip] > >A better method is for a user to make a 700 permission directory in > >/tmp, although there are still some details to making even that > >secure. > > I agree, that would be more secure. The downside is that it would take > forever to patch all programs that use /tmp to use /tmp/username > instead and create (and permission) that directory properly. It is > good idea though... Maybe a directory in /tmp should be created > along with the directory in /home and permissioned properly > by the adduser script? The best way to go is to for programs to call functions like tmpfile(3). Then security upgrades can just be done to the library functions. tmpfile(3) would take care of creating or using an existing secure temp dir on its own. And BTW, my .login creates a 600 directory in /var/tmp and then sets TMPDIR to that directory. This helps for the many programs that use TMPDIR. -- Crist J. Clark cjclark@home.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000120142917.D72914>