Re: another /tmp race: `perl -e' opens temp file not safely

Theo de Raadt (deraadt@CVS.OPENBSD.ORG)
Sat, 07 Mar 1998 23:44:18 -0700

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Theo de Raadt: "Re: another /tmp race: `perl -e' opens temp file not safely"
Previous message: dorqus maximus: "Plaintext passwords in Chase Online Banking"
Maybe in reply to: stanislav shalunov: "another /tmp race: `perl -e' opens temp file not safely"
Next in thread: Theo de Raadt: "Re: another /tmp race: `perl -e' opens temp file not safely"

> All this complexity of trivial things (just open a temp file) is one
> of the reasons I think the whole idea of /tmp is a fundamental
> misdesign and eventually one should be able to chmod it to 755 (while
> programs should use per-user TMPDIRs).

Which, as I've said before, works REALLY well for setuid programs.

Imagine:

TMPDIR=/

Or how would you solve that problem?

Next message: Theo de Raadt: "Re: another /tmp race: `perl -e' opens temp file not safely"
Previous message: dorqus maximus: "Plaintext passwords in Chase Online Banking"
Maybe in reply to: stanislav shalunov: "another /tmp race: `perl -e' opens temp file not safely"
Next in thread: Theo de Raadt: "Re: another /tmp race: `perl -e' opens temp file not safely"