Walter Hofmann <[EMAIL PROTECTED]> wrote:
> [EMAIL PROTECTED] schrieb am Sonntag, den 17. Juni 2001:
> > You did not get it:
> >
> > 1) UNIX security is not done by obscurity but by permissions
>
> So what are your permissions on /tmp? 777+sticky bit?
That's a normal setting on many systems.
> Or do you have a kernel patch which re-routes access to /tmp to a
> user-defined secure place?
Why would you? If you want great security you don't use /tmp. We
started talking about a useful script, which you can change to put the
files in a loop mounted cryptographic filesystem with no permissions at
all.
> And does your OS follow links by other users in directories which have
> the sticky bit set?
If someone has invaded the system to the point where they can change
/tmp to a symbolic link, then you have vastly larger problems than
allowing access to a CD image.
If you really care, you can create a permission 700 directory in /tmp
and change the script to put files there. This follows from my comment
above. I'm not sure I care, the machines on which I burn have only
trusted users, but if you do there are several solutions.
--
-bill davidsen ([EMAIL PROTECTED])
"The secret to procrastination is to put things off until the
last possible moment - but no longer" -me
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
