Hello,
Sorry for the long delay.
Pavel Raiskup writes:
> Ensure that nobody can cross privilege boundaries by pre-creating
> symlink on '$tmpdir' path.
>
> Just testing 'mkdir -p' by creating '/tmp/ins$RANDOM-$$/d' is not
> safe because '/tmp' directory is usually
Hello thomas,
Thomas Deutschmann writes:
> Pavel Raiskup submitted a patch to avoid a (low risk) race
> in /tmp in April 2015 [1] which still isn't merged.
>
> Was there a reason or was it just forgotten? Maybe we can
> add it now?
Yes it has just been forgotten, if the
Hi,
Pavel Raiskup submitted a patch to avoid a (low risk) race
in /tmp in April 2015 [1] which still isn't merged.
Was there a reason or was it just forgotten? Maybe we can
add it now?
It is currently present in Red Hat, Debian and Gentoo
(haven't checked more distributions).
See also: