This is a _simple_ one to 'fix'. My personal belief is that if anyone
is at all concerned about /tmp explots, they will create a 'tmp'
directory within their home directory and then set the TMPDIR environment
variable to reference it. Most of the programs in use today will honor
it; and if you are worried about the general user on your system, add to
the system profile to set their TMPDIR (and I guess you could check for
the existance of it and create it if necessary).
There are just too many issues to deal with in the /tmp exploits; and this
method removes them _ALL_. (Oh, just don't have your home dir executable
and your tmp dir world writable at least. :)
> During compilation, gcc uses following temporary files:
>
> /tmp/ccXXXXXX.i
> /tmp/ccXXXXXX.s
> /tmp/ccXXXXXX.o
-- Michael Douglass Texas Networking, Inc.<tnet admin> anyway, I'm off, perl code is making me [a] crosseyed toady