Another reason why - really /tmp
John Robert LoVerso
loverso at sunybcs.UUCP
Sat Sep 21 05:50:02 AEST 1985
From: peter at rlgvax.UUCP (Peter Klosky) 16 Sep 85 <764 at rlgvax.UUCP>
> > For security make your /tmp file 0600 mode.
>
> /tmp is world writeable. This means that anyone can unlink tmp files.
> In particular, my application wants to pass state data from a child
> process to a parent process via a tmp file that the child creates,
> and there are windows of vulnerability in this scheme, due to the unlink
> trouble.
Easy. Have your application make a subdirectory in /tmp, and then place
a file within that subdir. As long as your subdirectory is not world
writeable, you can place tmp files there w/o having a window of vulnerability.
I also changed /etc/rc to clear /tmp with an rm -r.
John
--
John Robert LoVerso @ SUNY/Buffalo Computer Science (716-636-3190)
LoVerso%Buffalo at CSNET-RELAY -or- ..!{watmath|dual|decvax}!sunybcs!loverso
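
The subdirectory approach described in the post, as an added example that is not part of the original message: the parent creates a mode-0700 directory under /tmp with mkdtemp(), the child writes its state into a file there, and the parent reads it back. The function name `pass_state`, the `/tmp/stateXXXXXX` template and the file name `state` are assumptions made for this example.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <unistd.h>

/* Child writes msg to a file in a private directory; parent reads it back.
 * Only the owner can create or unlink entries inside the 0700 directory.
 * Returns the byte count read into out (NUL-terminated), or -1 on error.
 * Names and paths here are hypothetical, chosen for this example. */
ssize_t pass_state(const char *msg, char *out, size_t outlen, mode_t *dirmode)
{
    char dir[] = "/tmp/stateXXXXXX";
    char path[sizeof dir + 8];
    struct stat st;
    ssize_t n = -1;
    int fd, status;
    pid_t pid;

    if (outlen == 0 || mkdtemp(dir) == NULL)  /* unique dir, created 0700 */
        return -1;
    if (dirmode && stat(dir, &st) == 0) *dirmode = st.st_mode & 0777;
    snprintf(path, sizeof path, "%s/state", dir);
    pid = fork();
    if (pid == 0) {                           /* child: create and write */
        fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
        if (fd < 0 || write(fd, msg, strlen(msg)) < 0) _exit(1);
        close(fd);
        _exit(0);
    }
    if (pid > 0 && waitpid(pid, &status, 0) == pid &&
        WIFEXITED(status) && WEXITSTATUS(status) == 0 &&
        (fd = open(path, O_RDONLY | O_NOFOLLOW)) >= 0) {
        n = read(fd, out, outlen - 1);        /* parent: read child's state */
        if (n >= 0) out[n] = '\0';
        close(fd);
    }
    unlink(path);                             /* remove the file, then the dir */
    rmdir(dir);
    return n;
}

int main(void)
{
    char buf[64];
    mode_t m = 0;
    return pass_state("child-state-42", buf, sizeof buf, &m) < 0;
}
```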