On Friday 25 November 2005 17:46, Chris Lightfoot wrote:
> On Fri, Nov 25, 2005 at 02:18:43PM -0600, Rob Landley wrote:
> > Using /tmp for anything has been kind of discouraged for a while, because
> > throwing any insufficiently randomized filename in there is a security
> > hole waiting to happen.
>
> Which case are you worried about here? SFAIK all the
> filesystems anyone is likely to mount on /tmp implement
> O_EXCL correctly, and in any case (as was remarked
> elsewhere) there's always mkdir.

I think programmers got the general impression using /tmp for temporary files
was a really stupid idea from the fact that it keeps cropping up on things like
LWN's security section. Here's the ones they linked to just last week as still
being fixed by various distros:

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0968
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2672
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2851
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2104
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3124

Rob
--
Steve Ballmer: Innovation! Inigo Montoya: You keep using that word.
I do not think it means what you think it means.
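
Added example, not part of the original message or of any project's code: the O_EXCL and mkdir points from the exchange above, shown as a weak open beside a hardened one against a name that already exists as a symlink. The directory prefix, the file names and the function names are assumptions made for the illustration, and the symlink is constructed inside a private directory.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* mkdtemp, symlink, lstat */
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Weak form: fixed name, no O_EXCL. open() follows whatever is already there. */
static int open_weak(const char *path) {
    return open(path, O_WRONLY | O_CREAT, 0600);
}

/* Hardened form: O_CREAT|O_EXCL fails with EEXIST if the name exists at all,
 * and does not follow a symlink in the final component, even a dangling one. */
static int open_excl(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

/* Bitmask result: 2 = O_EXCL refused the existing name and left the link
 * target untouched; 1 = the weak open created the target through the link.
 * Returns -1 if setup fails. */
int demo(void) {
    char dir[] = "/tmp/excl-demo-XXXXXX";   /* hypothetical name prefix */
    char name[64], target[64];
    struct stat st;
    int fd, result = 0;

    if (!mkdtemp(dir)) return -1;           /* private 0700 directory */
    snprintf(name, sizeof name, "%s/app.tmp", dir);
    snprintf(target, sizeof target, "%s/elsewhere", dir);
    /* Constructed stand-in for a name another user created first. */
    if (symlink(target, name) != 0) { rmdir(dir); return -1; }

    fd = open_excl(name);
    if (fd < 0 && errno == EEXIST && lstat(target, &st) != 0) result |= 2;
    if (fd >= 0) close(fd);

    fd = open_weak(name);
    if (fd >= 0) { close(fd); if (lstat(target, &st) == 0) result |= 1; }

    unlink(target); unlink(name); rmdir(dir);
    return result;
}

int main(void) { return demo() == 3 ? 0 : 1; }
```

A result of 3 means the hardened open was refused with EEXIST while the weak open wrote through the link; the mkdtemp() directory is the "there's always mkdir" route, since no other user can create names inside it.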