[813] in linux-security and linux-alert archive

home help back first fref pref prev next nref lref last post

Re: [linux-security] Re: Big security hole in kerneld's request_route

daemon@ATHENA.MIT.EDU (/* (c) 1996 dMv */)
Mon Jun 17 09:53:23 1996

Date: Thu, 13 Jun 1996 22:56:24 -0400 (EDT)
From: "/* (c) 1996 dMv */" <dmv@cybercom.net>
To: Jacques Gelinas <jack@solucorp.qc.ca>
cc: linux-alert@tarsier.cv.nrao.edu, linux-security@tarsier.cv.nrao.edu
In-Reply-To: <Pine.LNX.3.91.960613090526.4870B-100000@486dos.solucorp.qc.ca>

On Thu, 13 Jun 1996, Jacques Gelinas wrote:

> > As it appears, it is possible to destroy system philes (such as /etc/passwd
> > and so on). 
> 
> The path should be changed to /var/run/request-route.pid

Just to start another 'religious' holy war, why isn't it a policy to use 
a priveledged tmp location for priveledged processes. Seems to me like 
this is a security issue with a bunch of programs that are necessarily 
powerful (you'll all recall the XFree86 tempfile problem, etc)

We really should try and make it a policy to have 'special' temp files be 
in a dir like /var/tmp/, and let standard users use /tmp/...

Reactions?

dMv

home help back first fref pref prev next nref lref last post