[6256] in bugtraq

Re: another /tmp race: `perl -e' opens temp file not safely

daemon@ATHENA.MIT.EDU (Theo de Raadt)
Sun Mar 8 11:35:44 1998

Date: 	Sat, 7 Mar 1998 23:44:18 -0700
Reply-To: Theo de Raadt <deraadt@CVS.OPENBSD.ORG>
From: Theo de Raadt <deraadt@CVS.OPENBSD.ORG>
X-To:         stanislav shalunov <shalunov@mccme.ru>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To:  Your message of "Sun, 08 Mar 1998 03:53:09 GMT." 
              <199803080345.GAA20527@main.mccme.rssi.ru>

> All this complexity of trivial things (just open a temp file) is one
> of the reasons I think the whole idea of /tmp is a fundamental
> misdesign and eventually one should be able to chmod it to 755 (while
> programs should use per-user TMPDIRs).

Which, as I've said before, works REALLY well for setuid programs.

Imagine:

TMPDIR=/

Or how would you solve that problem?
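
One way a program can handle the TMPDIR=/ case raised in this message, shown as an added example that is not part of the original post: the environment value is ignored whenever the real and effective ids differ, and otherwise accepted only if it names a private directory owned by the invoking user. The names pick_tmpdir, open_tempfile and FALLBACK_TMPDIR, and the choice of /tmp as the fixed default, are assumptions made for illustration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* lstat, mkstemp */
#endif
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <unistd.h>

/* Assumption: a fixed, compiled-in default that never comes from the user. */
static const char FALLBACK_TMPDIR[] = "/tmp";

/* Decide which directory to trust. The ids are parameters so the policy
 * can be exercised without installing a setuid binary. */
const char *pick_tmpdir(const char *env_tmpdir, uid_t ruid, uid_t euid,
                        gid_t rgid, gid_t egid)
{
    struct stat st;
    /* setuid/setgid: the environment belongs to the invoking user, ignore it */
    if (ruid != euid || rgid != egid)
        return FALLBACK_TMPDIR;
    if (env_tmpdir == NULL || env_tmpdir[0] != '/')
        return FALLBACK_TMPDIR;
    /* lstat, not stat: a symlink standing in for the directory is refused */
    if (lstat(env_tmpdir, &st) != 0 || !S_ISDIR(st.st_mode))
        return FALLBACK_TMPDIR;
    /* per-user directory: owned by the caller, not writable by anyone else */
    if (st.st_uid != ruid || (st.st_mode & (S_IWGRP | S_IWOTH)))
        return FALLBACK_TMPDIR;
    return env_tmpdir;
}

/* Create the file atomically; mkstemp uses O_CREAT|O_EXCL and mode 0600. */
int open_tempfile(const char *dir, char *path, size_t pathlen)
{
    int n = snprintf(path, pathlen, "%s/demo.XXXXXX", dir);
    if (n < 0 || (size_t)n >= pathlen)
        return -1;
    return mkstemp(path);
}

int main(void)
{
    char path[4096];
    const char *dir = pick_tmpdir(getenv("TMPDIR"), getuid(), geteuid(),
                                  getgid(), getegid());
    int fd = open_tempfile(dir, path, sizeof path);
    if (fd < 0) { perror("open_tempfile"); return 1; }
    printf("using %s\n", path);
    close(fd); unlink(path);
    return 0;
}
```

Comparing ids does not catch a process that changed its ids after exec; on systems that provide issetugid(2), that call covers the case.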