[8751] in bugtraq
Re: OSS nice tmp race
daemon@ATHENA.MIT.EDU (Crispin Cowan)
Mon Dec 21 14:44:47 1998
Date: Sun, 20 Dec 1998 22:53:09 +0000
Reply-To: Bugtraq List <BUGTRAQ@NETSPACE.ORG>
From: Crispin Cowan <crispin@CSE.OGI.EDU>
To: BUGTRAQ@NETSPACE.ORG
Joel Eriksson wrote:
> There are of course cases where it's not this easy to get rid of the need
> for a temporary file, the best way to fix this problem I think would be if
> all users had their own private tmp-directory. I have heard of patches
> that makes /tmp to a pseudo-directory that is "private" for each user
> that may be useful (I think it was for Linux, but I don't think it is
> widely spread).
>
> Since programmers keep repeating the old mistakes over and over again, the
> responsibility is ultimately the users. One can't check all of the
> sourcecode that we compile (at least not as thouroughly that may be
> needed), but eliminating the possibility of certain common bugs from
> having any dangerous implications is a first step. I think solutions like
> StackGuard and the like is of great use when it comes to this.
Thanks for the plug! Unfortunately, I haven't thought of any StackGuard-like techniques for
treating race conditions. Matt Bishop's excellent paper on race condtions has some reasons why
race conditions are un-decidable at the compiler level.
Crispin
-----
Crispin Cowan, Research Assistant Professor of Computer Science, OGI
NEW: Protect Your Linux Host with StackGuard'd Programs :FREE
http://www.cse.ogi.edu/DISC/projects/immunix/StackGuard/
Support Justice: Boycott Windows 98