Re: Proposal: restrict link(2)

The Deviant (deviant@pooh-corner.com)
Thu, 12 Dec 1996 23:14:11 +0000 (GMT)


On Fri, 13 Dec 1996, Thomas Koenig wrote:

> The Deviant wrote:
>
> >If you don't want your machine to be hacked, and you're willing to
> >sacrifice functionality, don't network it.
>
> There is also the possibility of a malicious user on a non-networked
> system.
>
> >> Some programs use mktemp(3). The filenames generated are predictable.
> >> Soft links are one way of exploiting this; hard links are another.
> >
> >Then mktemp(3) needs to be fixed...
>
> Can't do this, without breaking existing programs.

Name one.

>
> >A concept which I am all for. But
> >again, this is userland, not kernel.
>
> In that case, please provide a safe way that I can open a file in /tmp,
> without being root. Please include foolproof checks for symbolic and
> hard links.

The only actual problem that you've stated is the predictability of
mktemp(3)'s filenames. If you have a good reason why that can't be fixed
in the library, please, let me know. Again, this isn't a kernel problem.
At most it's a problem in libc().

--Deviant
PGP KeyID = E820F015 Fingerprint = 3D6AAB628E3DFAA9 F7D35736ABC56D39

The best way to accelerate a Macintoy is at 9.8 meters per second per second.
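For reference, here is an added example (not code from either poster) of the userland approach the thread is arguing about: open a file in /tmp without root, with an unpredictable name, refusing both a planted symlink and a pre-created name, then verifying the object actually opened with fstat(). It assumes a POSIX system whose open(2) supports O_NOFOLLOW and that /dev/urandom is available; the function names are mine.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE 1          /* exposes O_NOFOLLOW on glibc */
#endif
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Fill buf with n random bytes from /dev/urandom; 0 on success, -1 on error. */
static int fill_random(unsigned char *buf, size_t n)
{
    int fd = open("/dev/urandom", O_RDONLY);
    if (fd < 0) return -1;
    ssize_t got = read(fd, buf, n);
    close(fd);
    return got == (ssize_t)n ? 0 : -1;
}

/* Create a fresh file in dir under a name an attacker cannot predict.
 * O_CREAT|O_EXCL fails if anything already sits at that name (a planted
 * hard link, symlink or ordinary file), O_NOFOLLOW refuses to follow a
 * symlink, and fstat() on the descriptor we actually hold confirms it is
 * a regular file with one link owned by us. On success the path is written
 * to path_out and the descriptor returned; otherwise -1. */
int safe_tmp_open(const char *dir, char *path_out, size_t path_len)
{
    for (int attempt = 0; attempt < 100; attempt++) {
        unsigned char rnd[8];
        if (fill_random(rnd, sizeof rnd) != 0) return -1;
        int n = snprintf(path_out, path_len, "%s/tmp.", dir);
        if (n < 0 || (size_t)n + 2 * sizeof rnd >= path_len) return -1;
        for (size_t i = 0; i < sizeof rnd; i++)
            n += snprintf(path_out + n, path_len - (size_t)n, "%02x", rnd[i]);
        int fd = open(path_out, O_RDWR | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
        if (fd < 0) continue;            /* name already taken: try another */
        struct stat st;
        if (fstat(fd, &st) == 0 && S_ISREG(st.st_mode) && st.st_nlink == 1
            && st.st_uid == geteuid())
            return fd;
        close(fd);                       /* not what we created: discard it */
        unlink(path_out);
        return -1;
    }
    return -1;
}
```

The check is on the descriptor, not the path: once the file is open, a later rename or link of the name cannot change which object the descriptor refers to.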
