> I'm not sure, but I've gotten the impression that if tmp cleaners are used > then /tmp is pretty much irredeemably insecure, and there's not much point > worrying about that case. But maybe there are folks who use tmp cleaners > and also care about security. After all, one reason to use tmp cleaners is > simply to avoid DOS attacks that fill up tmp--which itself is a security > issue.
Maybe this afternoon I'll do a little searching about and see what
people (other than that HOWTO) are saying about using mkdtemp. The
non-security issue is: what do we for operating systems that don't
provide mkdtemp? Maybe haskell.org should sponsor a compile farm for
every OS that runs GHC. Then we could see if all of them support it.
> Wouldn't it be nice if everybody would just agree to be good?
Maybe nobody ever asked. Let's change the world, right here on
darcs-devel:
I hereby promise to be a good person, in all aspects of my life,
including but not exclusively with regard to security issues.
-- Zachary P. Landau, 2007-02-07
If we can get 6 billion people to sign the above statement, we can just
use mktemp() in /tmp.
--
Zachary P. Landau <[EMAIL PROTECTED]>
GPG: gpg --recv-key 0xC9F82052 | http://divineinvasion.net/kapheine.asc
signature.asc
Description: Digital signature
_______________________________________________ darcs-devel mailing list darcs-devel@darcs.net http://lists.osuosl.org/mailman/listinfo/darcs-devel
