[5988] in bugtraq
Re: GCC 2.7.? /tmp files
daemon@ATHENA.MIT.EDU (Michael Douglass)
Fri Jan 16 12:54:55 1998
Date: Fri, 16 Jan 1998 00:42:20 -0600
Reply-To: Michael Douglass <mikedoug@TEXAS.NET>
From: Michael Douglass <mikedoug@TEXAS.NET>
X-To: =?iso-8859-1?Q?Micha=B3_Zalewski?= <lcamtuf@POLBOX.COM>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: =?iso-8859-1?Q?=3C01bd21fe$fc33b9a0$LocalHost=40LCAMTUF=3E=3B_from_Micha?=
=?iso-8859-1?Q?=B3_Zalewski_on_Thu=2C_Jan_15=2C_1998_at_10=3A46=3A06PM_+?=
=?iso-8859-1?Q?0100?=
On Thu, Jan 15, 1998 at 10:46:06PM +0100, Micha=B3 Zalewski said:
This is a _simple_ one to 'fix'. My personal belief is that if anyone
is at all concerned about /tmp explots, they will create a 'tmp'
directory within their home directory and then set the TMPDIR environme=
nt
variable to reference it. Most of the programs in use today will honor
it; and if you are worried about the general user on your system, add t=
o
the system profile to set their TMPDIR (and I guess you could check for
the existance of it and create it if necessary).
There are just too many issues to deal with in the /tmp exploits; and t=
his
method removes them _ALL_. (Oh, just don't have your home dir executab=
le
and your tmp dir world writable at least. :)
> During compilation, gcc uses following temporary files:
>
> /tmp/ccXXXXXX.i
> /tmp/ccXXXXXX.s
> /tmp/ccXXXXXX.o
--
Michael Douglass
Texas Networking, Inc.
<tnet admin> anyway, I'm off, perl code is making me [a] crosseyed toad=
y
