Date: Fri, 10 Jan 1997 17:59:21 +1100 (EST)
From: proff@suburbia.net
To: steve@edmweb.com (Steve Reid)
Cc: security@freebsd.org
Subject: Re: Obvious fix for tempfile race conditions?
Message-ID: <19970110065921.10484.qmail@suburbia.net>
In-Reply-To: <Pine.BSF.3.95.970109214858.1613A-100000@bitbucket.edmweb.com> from Steve Reid at "Jan 9, 97 10:06:54 pm"

> I'd bet there are other, less obvious problems in other programs.
>
> Disabling symlinks in /tmp would greatly reduce a cracker's options.
>
>
This is the wrong philosophical approach. Instead of bludgeoning
the file-system, make it work for you. Create per-user temp
directories.
awk </etc/passwd -F: '{system("mkdir -m 1700 /tmp/"$1" ; chown "$1" /tmp/"$1);}'
Most programs will obey one of TMP, TEMPDIR, TMP or their own configuration
file.
-Julian <proff@iq.org>
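
Added example, not part of the original message: a login-time check that a per-user directory under a shared base such as /tmp is a real directory, owned by the caller and closed to group and other, before it is used as a temp location. The function name safe_user_tmp and its return codes are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original message); safe_user_tmp is a
# hypothetical helper name.
# Usage: d=$(safe_user_tmp /tmp) && export TMPDIR="$d"

safe_user_tmp() {
    sut_base=$1
    sut_user=$(id -un) || return 1
    sut_uid=$(id -u) || return 1
    sut_dir="$sut_base/$sut_user"

    # mkdir without -p fails if the name already exists (file, directory
    # or symlink), so nothing is ever created through a pre-planted link.
    mkdir -m 700 "$sut_dir" 2>/dev/null || true

    # Whether we just created it or it was already there, verify it.
    if [ -L "$sut_dir" ]; then
        echo "refusing $sut_dir: it is a symlink" >&2
        return 2
    fi
    if [ ! -d "$sut_dir" ]; then
        echo "refusing $sut_dir: not a directory" >&2
        return 3
    fi

    # Build "mode:uid" from a numeric long listing, e.g. "drwx------:1001".
    sut_meta=$(ls -ldn "$sut_dir" | awk '{print $1 ":" $3}')
    case $sut_meta in
        # Owner-only access (sticky bit allowed) and owned by the caller.
        drwx-----[-T]*:"$sut_uid")
            printf '%s\n' "$sut_dir" ;;
        *)
            echo "refusing $sut_dir: wrong owner or mode ($sut_meta)" >&2
            return 4 ;;
    esac
}
```

The directory is only trusted after the check passes, so a name that someone else created first in the shared base is rejected rather than used.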
