Re: GCC 2.7.? /tmp files

Perry E. Metzger (perry@piermont.com)
Sun, 18 Jan 1998 21:18:44 -0500

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: FrontLine Assembly: "Re: pbomb'ing SSH on a FreeBSD box."
Previous message: =?UNKNOWN-8BIT?Q?Micha=B3?= Zalewski: "MC shell scripts"
Maybe in reply to: =?UNKNOWN-8BIT?Q?Micha=B3?= Zalewski: "GCC 2.7.? /tmp files"
Next in thread: Zack Weinberg: "Re: GCC 2.7.? /tmp files"

Theo de Raadt writes:
> In OpenBSD we have fixed hundreds of these /tmp races. I do not
> believe there is a simple answer.

I believe there is.

General publically writable /tmp directories are bad. Systems should
move towards using /tmp/${USER}/ directories on a per-user basis, with
these directories being only touchable by the user. These would cut,
in a gordion knot fashion, literally hundreds of exploits that have
shown up in dozens of places.

I believe, btw, that a similar general fix might help out the
spate of /var/mail security problems.

Perry

Next message: FrontLine Assembly: "Re: pbomb'ing SSH on a FreeBSD box."
Previous message: =?UNKNOWN-8BIT?Q?Micha=B3?= Zalewski: "MC shell scripts"
Maybe in reply to: =?UNKNOWN-8BIT?Q?Micha=B3?= Zalewski: "GCC 2.7.? /tmp files"
Next in thread: Zack Weinberg: "Re: GCC 2.7.? /tmp files"