Roland Mainz <roland.mainz at nrubsig.org> wrote:

> > Unfortunately the use of TMPDIR is inherited across "su" and
> > then, when users assume roles, TMPDIR no longer works.
> > 
> > I would think this is too risky to change.
>
> Why ?
> 1. The directory created by /etc/profile always has mode 1777 set and
> therefore anyone can create/read/write files in that directory. It could
> be a theoretical problem for something like mode=700 but we do not
> propose that in this case...

If the directory is created with the POSIX file owner == the owner
of the directory and if the mode is 1777, it is possible for the owner
to remove files created by other users by doing:

chmod u-t $TMPDIR
rm $TMPDIR/some-file
chmod u+t $TMPDIR

Jörg

-- 
 EMail:joerg at schily.isdn.cs.tu-berlin.de (home) Jörg Schilling D-13353 Berlin
       js at cs.tu-berlin.de                (uni)  
       schilling at fokus.fraunhofer.de     (work) Blog: http://schily.blogspot.com/
 URL:  http://cdrecord.berlios.de/old/private/ ftp://ftp.berlios.de/pub/schily
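
An audit check for the condition raised in the message above, as an added example that is not part of the original post: it reports whether a shared temporary directory is world-writable, carries the sticky bit, and is owned by a trusted account. The function name `audit_tmpdir` and the default trusted uid of 0 are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original message).
# audit_tmpdir DIR [TRUSTED_UID]   (function name and default uid 0 are assumptions)
# Prints one verdict word; returns 0 if acceptable, 1 if risky, 2 on error.
audit_tmpdir() {
    dir=$1
    trusted_uid=${2:-0}
    [ -d "$dir" ] || { echo "not-a-directory"; return 2; }

    # "ls -ldn" prints the mode string first and the numeric owner uid third.
    ls_out=$(ls -ldn -- "$dir") || { echo "stat-failed"; return 2; }
    mode=${ls_out%% *}
    owner=$(printf '%s\n' "$ls_out" | awk 'NR == 1 { print $3 }')
    other_w=$(printf '%s' "$mode" | cut -c9)    # "w" if world-writable
    other_x=$(printf '%s' "$mode" | cut -c10)   # "t"/"T" if sticky bit set

    # Not world-writable: other users cannot create files here at all.
    if [ "$other_w" != "w" ]; then
        echo "not-world-writable"; return 0
    fi
    # World-writable without the sticky bit: any user may unlink any file.
    case $other_x in
        t|T) ;;
        *) echo "no-sticky-bit"; return 1 ;;
    esac
    # Sticky but owned by an ordinary account: that account can chmod the
    # directory, so the restriction holds only as long as the owner leaves it.
    if [ "$owner" != "$trusted_uid" ]; then
        echo "untrusted-owner"; return 1
    fi
    echo "ok"; return 0
}

# Run as a script: sh audit_tmpdir.sh "$TMPDIR"
if [ "$#" -gt 0 ]; then audit_tmpdir "$@"; fi
```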
