"Sean Hunter" <sean@uncarved.co.uk> writes:
> On Tue, Jan 11, 2000 at 08:20:54PM +0100, Marcus Sundberg wrote:
> > Stephen Frost <sfrost@ns.snowman.net> writes:
> >
> > > People use the PID to create temp files and whatnot,
> > > from what I've seen.
> >
> > And they do that in order to get a unique number, not a random number.
>
> This is also a really bad idea, because with easily guessable pids you
> are opening yourself to /tmp races.
There can be only one process with a given pid at a time, so there can't
be anything I'd call a race.
Ofcourse there are security implications of handling files in /tmp, but
that is independent of how the filenames are generated and a completely
different story. A program that relies on non-guessable filenames in
/tmp to be secure is severly broken.
//Marcus
-- Signature under construction, please come back later.- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Sat Jan 15 2000 - 21:00:20 EST