Re: QUOTA

Craig Milo Rogers (rogers@isi.edu)
Fri, 13 Dec 96 13:30:05 PST


>In specific, userland binaries that trust what they find in /tmp are broken.
>Fixing them is a priority, and changing the way link() behaves just for that
>is a bad idea.

Just for the sake of discussion, suppose there were a special
/tmp filesystem that created (in effect) a separate /tmp directory for
each user (or, even more radically, each process group). Presumably
for this to really work properly, there would have to be some messy
hack to allow set-UID programs to access the union set of the /tmp
files of their real, effective, etc. UIDs; this brings up a potential
name collision problem, of course. Nevertheless, there ought to be
a substantial increase in system security from this relatively simple
approach.

Craig Milo Rogers