> "Martijn van Oosterhout" <[EMAIL PROTECTED]> writes: > > > On Thu, Aug 21, 2008 at 9:29 PM, "Marc Schütz" <[EMAIL PROTECTED]> > wrote: > >>> I wanted to call it Z_X_Y to make it easy for somebody trying to debug > >>> things to find the data. > >> > >> You have to be careful if you use fixed or predictable names in /tmp to > avoid symlink attacks. > > > > So don't use /tmp but some other directory that doesn't have > > world-write permissions. Enfore that and you don't need to worry about > > the names. > > You can also set the working folder's permissions to 700 and nobody > can put a symlink inside.
Yes, but as the default working directory in tilesAtHome.conf.linux is "/tmp/", the client is unsafe by default. This should be fixed. Regards, Marc -- Psssst! Schon das coole Video vom GMX MultiMessenger gesehen? Der Eine für Alle: http://www.gmx.net/de/go/messenger03 _______________________________________________ Tilesathome mailing list [email protected] http://lists.openstreetmap.org/listinfo/tilesathome
