Date: Fri, 10 Jan 1997 17:59:21 +1100 (EST)
From: proff@suburbia.net
To: steve@edmweb.com (Steve Reid)
Cc: security@freebsd.org
Subject: Re: Obvious fix for tempfile race conditions?
Message-ID: <19970110065921.10484.qmail@suburbia.net>
In-Reply-To: <Pine.BSF.3.95.970109214858.1613A-100000@bitbucket.edmweb.com> from Steve Reid at "Jan 9, 97 10:06:54 pm"

> I'd bet there are other, less obvious problems in other programs.
>
> Disabling symlinks in /tmp would greatly reduce a cracker's options.
>

This is the wrong philosophical approach. Instead of bludgeoning the
file-system, make it work for you. Create per-user temp directories.

    awk </etc/passwd -F: '{system("mkdir -m 1700 /tmp/"$1" ; chown "$1" /tmp/"$1);}'

Most programs will obey one of TMP, TEMPDIR, TMP or their own
configuration file.

-Julian <proff@iq.org>
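
A per-user directory under a shared /tmp only helps if the path really belongs to the user, so the sketch below creates it atomically and otherwise refuses a symlink, a foreign owner or a loose mode. It is an added example, not part of the original e-mail; the function name private_tmpdir, its arguments and the plain 0700 mode are assumptions.

```shell
#!/bin/sh
# Added example (not from the original message). private_tmpdir is a
# hypothetical helper: it prints a private temp directory for the caller
# under a shared base such as /tmp, or fails if the path cannot be trusted.

private_tmpdir() {
    base=$1
    name=${2:-$(id -un)}        # default: the calling user's login name
    dir=$base/$name

    # mkdir is atomic and does not follow a symlink in the last path
    # component: it either creates the directory for us or fails because
    # something already exists there.
    if mkdir -m 700 "$dir" 2>/dev/null; then
        printf '%s\n' "$dir"
        return 0
    fi

    # Something was already at that path. Accept it only if it is a real
    # directory (not a symlink), owned by us, with mode 0700.
    if [ -L "$dir" ] || [ ! -d "$dir" ]; then
        echo "refusing $dir: not a real directory" >&2
        return 1
    fi
    if [ ! -O "$dir" ]; then
        echo "refusing $dir: owned by another user" >&2
        return 1
    fi
    case $(ls -ld "$dir") in
        drwx------*) ;;         # trailing '.' or '+' (SELinux/ACL) allowed
        *)  echo "refusing $dir: mode is not 0700" >&2
            return 1 ;;
    esac
    printf '%s\n' "$dir"
}

# Typical use from a login script (assumption):
#   TMPDIR=$(private_tmpdir /tmp) && export TMPDIR
```
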