[2121] in bugtraq
Re: personalized /tmp (was: BUGTRAQ ALERT: Solarix 2.x
daemon@ATHENA.MIT.EDU (=?ISO-8859-1?Q?Thomas_K=F6nig?=)
Wed Aug 16 19:27:02 1995
Date: Wed, 16 Aug 1995 23:07:30 +0200
Reply-To: Bugtraq List <BUGTRAQ@CRIMELAB.COM>
From: =?ISO-8859-1?Q?Thomas_K=F6nig?=
<Thomas.Koenig@ciw.uni-karlsruhe.de>
X-To: BUGTRAQ@CRIMELAB.COM
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@CRIMELAB.COM>
In-Reply-To: <40tkps$7j5@dhp.com> from "Panzer Boy" at Aug 16, 95 04:35:08 pm
Panzer Boy wrote:
>
>: It should be possible to have a temporary directory for each user,
>: such as /tmp/username (or any other place you care to put it).
>
>: This would fix a great many problems, and apart from UNIX tradition,
>: I see no reason against it.
>
>Just the easy sharing of files, and why make /tmp/username, why not
>/home/username... :)
Easy sharing of files is no problem: have one /tmp/common.
/home/username: Well, I believe quite a few sites periodically
clean out /tmp (at least on each reboot); I suspect fewer sites
clean out /home that way :-)
Sticky bit on /tmp: it goes a long way towards a solution, but numerous
denial of service attacks are still possible. What about "touch
/tmp/mbox.username", to name a simple one? How many programs
open a file with a predictable name in /tmp, and neglect to
do an open(..., O_CREAT|O_EXCL)?
--
Thomas Koenig, Thomas.Koenig@ciw.uni-karlsruhe.de, ig25@dkauni2.bitnet.
The joy of engineering is to find a straight line on a double
logarithmic diagram.
