> -----Original Message----- > From: Guillaume Morin [mailto:[EMAIL PROTECTED] > Sent: Monday, July 28, 2003 12:35 PM > To: [EMAIL PROTECTED] > Subject: Re: Stripping trailing blanks? > >
<snip> > > The problem is actually the predictible file name in a world-writable > directory. An attacker could create a symlink with the name > "strip.pid" > (a pid is actually pretty easy to predict, and you can always > create as > much symlinks as you want) pointing to one of your files and when > launching the command you would overwrite the file. It is really a > disaster if root runs this command. > > Guillaume Understand increases, thanks. I guess it would be "better" if, somehow, /tmp could refer to a different filesystem or directory for each individual user. UNIX on OS/390 does have something like this. A different kind of symlink which is dependant on the userid. Or perhaps, setup /tmp/$USER for every valid use and don't have /tmp be world-writable. I wonder why Linux doesn't do that? It should be easy to change the scripts that use /tmp to use /tmp/$USER and to change the useradd program to create /tmp/$USER when it creates /home/$USER and make it have the correct permissions. Or even create /home/$USER/tmp and symlink it to /tmp/$USER. Just some weird thoughts from a "legacy" sysprog. I may well be all wet. -- John McKown Senior Systems Programmer UICI Insurance Center Applications & Solutions Team +1.817.255.3225 This message (including any attachments) contains confidential information intended for a specific individual and purpose, and its' content is protected by law. If you are not the intended recipient, you should delete this message and are hereby notified that any disclosure, copying, or distribution of this transmission, or taking any action based on it, is strictly prohibited.
