From: Rob Landley <rob@landley.net>
To: Chris Lightfoot <chris@ex-parrot.com>
Cc: Nix <nix@esperi.org.uk>, user-mode-linux-devel@lists.sourceforge.net
Subject: Re: [uml-devel] When /tmp is not tmpfs.
Date: Sat, 26 Nov 2005 04:03:54 -0600 [thread overview]
Message-ID: <200511260403.55274.rob@landley.net> (raw)
In-Reply-To: <F7Gh6QjS+CQJ.VbbzsRXr69warfFBfetWCw@sphinx.mythic-beasts.com>
On Friday 25 November 2005 17:46, Chris Lightfoot wrote:
> On Fri, Nov 25, 2005 at 02:18:43PM -0600, Rob Landley wrote:
> > Using /tmp for anything has been kind of discouraged for a while, because
> > throwing any insufficiently randomized filename in there is a security
> > hole waiting to happen.
>
> Which case are you worried about here? SFAIK all the
> filesystems anyone is likely to mount on /tmp implement
> O_EXCL correctly, and in any case (as was remarked
> elsewhere) there's always mkdir.
I think programmers got the general impression using /tmp for temporary files
was a really stupid idea from the fact that it keeps cropping up on things
like LWN's security section. Here's the ones they linked to just last week
as still being fixed by various distros:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0968
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2672
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2851
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2104
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3124
Rob
--
Steve Ballmer: Innovation! Inigo Montoya: You keep using that word.
I do not think it means what you think it means.
-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems? Stop! Download the new AJAX search engine that makes
searching your log files as easy as surfing the web. DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click
_______________________________________________
User-mode-linux-devel mailing list
User-mode-linux-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/user-mode-linux-devel
next prev parent reply other threads:[~2005-11-26 10:04 UTC|newest]
Thread overview: 42+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-11-24 12:11 [uml-devel] When /tmp is not tmpfs Rob Landley
2005-11-24 20:40 ` Blaisorblade
2005-11-25 8:26 ` Rob Landley
2005-11-25 9:55 ` Jeff Dike
2005-11-25 9:48 ` Rob Landley
2005-11-25 10:52 ` Rob Landley
2005-11-25 11:26 ` Rob Landley
2005-11-25 14:56 ` Nix
2005-11-25 15:03 ` Chris Lightfoot
2005-11-25 15:36 ` Nix
2005-11-25 16:03 ` Rob Landley
2005-11-25 19:33 ` Nix
2005-11-25 20:18 ` Rob Landley
2005-11-25 21:04 ` Nix
2005-11-25 22:31 ` Rob Landley
2005-11-27 16:48 ` Blaisorblade
2005-11-27 18:17 ` Nix
2005-11-27 19:24 ` Rob Landley
2005-11-25 23:33 ` Blaisorblade
2005-11-26 2:12 ` Nix
2005-11-26 11:47 ` Rob Landley
2005-11-27 17:37 ` Blaisorblade
2005-11-27 18:35 ` Nix
2005-11-27 19:10 ` Blaisorblade
2005-11-27 19:43 ` Nix
2005-11-27 21:21 ` Rob Landley
2005-11-27 18:59 ` Rob Landley
2005-11-27 19:20 ` Blaisorblade
2005-11-27 21:41 ` Rob Landley
2005-11-29 16:52 ` Blaisorblade
2005-11-27 18:31 ` Nix
2005-11-28 1:07 ` Rob Landley
2005-11-29 16:08 ` Blaisorblade
2005-11-29 19:38 ` Rob Landley
2005-11-26 10:44 ` Rob Landley
2005-11-27 16:38 ` Blaisorblade
2005-11-27 18:49 ` Nix
2005-11-27 21:25 ` Rob Landley
2005-11-27 17:10 ` Blaisorblade
2005-11-25 23:46 ` Chris Lightfoot
2005-11-26 10:03 ` Rob Landley [this message]
2005-11-26 10:15 ` Chris Lightfoot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=200511260403.55274.rob@landley.net \
--to=rob@landley.net \
--cc=chris@ex-parrot.com \
--cc=nix@esperi.org.uk \
--cc=user-mode-linux-devel@lists.sourceforge.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.