Re: t bit and symlinks patch

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Next message: Mike Kilburn: "Re: Ping with a 65510 bytes pack"
• Previous message: Philippe Strauss: "Re: Untested but this should fix the problem with oversize packets"
• In reply to: Andrew Tridgell: "t bit and symlinks patch"

> > Here is an implementation of my proposal for fixing the
> > "symlink-in-/tmp" style of security hole.
> >
> > Please let me know if you can see any problems with this patch, or a
> > better way of doing it.
>
> Nice idea. IMHO however the fix is to stop people writing applications
> that use /tmp for everything. /tmp was a great idea once upon a time. Its
> value nowdays is a bit questionable. Better that daemons use /var/run
> and applications $HOME/.files

A quite obvious variation for users would be to have /tmp/$LOGIN (probably
not under /tmp, though). Of course, ~/tmp does just as well, except for
automatic cleanup. (Hmm ... so maybe both are useful?)

And have a general area for data exchange between different users. Not all
people want to open up their home directories to do that.

Of course, except for Andrew's patch, nothing of this has anything to do
with the kernel ...

MfG Kai

• Next message: Mike Kilburn: "Re: Ping with a 65510 bytes pack"
• Previous message: Philippe Strauss: "Re: Untested but this should fix the problem with oversize packets"
• In reply to: Andrew Tridgell: "t bit and symlinks patch"