>From [EMAIL PROTECTED] Tue Jun 19 23:25:33 2001
>[EMAIL PROTECTED] wrote on Sunday, 17 June 2001:
>> If you are going to write a security related application, this note may be useful.
>>
>> Unfortunately your thoughts are based on a wrong assumption:
>>
>> There is only one reason to hide the name of a tempfile from other people:
>>
>> You are going to write a security relevant application where people
>> could gain something from attacking the /tmp files. You see, it only
>> applies to suid or sgid applications.
>So having a script which, when run by a user, can cause the user's mail
>spool file to be overwritten is not a security problem?
If you remove the old file first, you may be close to 100% sure that
there is no such problem. Note that many UNIX programs create /tmp/ files
and some of them make it easy to know the names in advance.
Jörg
EMail:[EMAIL PROTECTED] (home) Jörg Schilling D-13353 Berlin
[EMAIL PROTECTED] (uni) If you don't have iso-8859-1
[EMAIL PROTECTED] (work) chars I am J"org Schilling
URL: http://www.fokus.gmd.de/usr/schilling ftp://ftp.fokus.gmd.de/pub/unix
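
Added example, not part of the original messages: one way for a program to create a file at a predictable /tmp name without following whatever already sits at that name is exclusive creation with O_CREAT|O_EXCL. The scratch directory and the names "spool", "app.tmp" and "fresh.tmp" are constructed for the demonstration.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Create `path` only if no directory entry of any kind exists there.
 * O_CREAT|O_EXCL makes the existence check and the creation one atomic
 * step, and a symlink at `path` is not followed: open() fails, EEXIST. */
int create_exclusive(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

/* Constructed scenario (all names hypothetical): a private scratch
 * directory stands in for /tmp, "spool" for a file worth protecting, and
 * "app.tmp" for a predictable temp name that already exists as a symlink
 * to "spool". Returns 0 if the symlink is refused, "spool" keeps its
 * 5 bytes, and a name with no existing entry is created normally. */
int demo(void)
{
    char dir[] = "/tmp/excl-demo-XXXXXX";
    char spool[64], tmp[64], fresh[64];
    struct stat st;

    if (mkdtemp(dir) == NULL) return -1;
    snprintf(spool, sizeof spool, "%s/spool", dir);
    snprintf(tmp, sizeof tmp, "%s/app.tmp", dir);
    snprintf(fresh, sizeof fresh, "%s/fresh.tmp", dir);

    int fd = create_exclusive(spool);
    if (fd < 0 || write(fd, "mail\n", 5) != 5) return -1;
    close(fd);
    if (symlink(spool, tmp) != 0) return -1;

    fd = create_exclusive(tmp);               /* entry exists: must fail */
    int refused = (fd == -1 && errno == EEXIST);
    int intact = (stat(spool, &st) == 0 && st.st_size == 5);
    int fd2 = create_exclusive(fresh);        /* no entry: must succeed */
    int created = (fd2 >= 0);
    if (fd2 >= 0) close(fd2);

    unlink(fresh); unlink(tmp); unlink(spool); rmdir(dir);
    return (refused && intact && created) ? 0 : 1;
}

int main(void) { return demo(); }
```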