On Sat, Nov 26, 2005 at 04:03:54AM -0600, Rob Landley wrote:
> On Friday 25 November 2005 17:46, Chris Lightfoot wrote:
> > On Fri, Nov 25, 2005 at 02:18:43PM -0600, Rob Landley wrote:
> > > Using /tmp for anything has been kind of discouraged for a while, because
> > > throwing any insufficiently randomized filename in there is a security
> > > hole waiting to happen.
> >
> > Which case are you worried about here? SFAIK all the
> > filesystems anyone is likely to mount on /tmp implement
> > O_EXCL correctly, and in any case (as was remarked
> > elsewhere) there's always mkdir.
>
> I think programmers got the general impression using /tmp for temporary files
> was a really stupid idea from the fact that it keeps cropping up on things
> like LWN's security section. Here's the ones they linked to just last week
> as still being fixed by various distros:
[...]
hmm. I'm not sure any of that's an argument for avoiding
use of /tmp in new programs. I'm not really sure what the
sensible alternative is, either: at least you can sensibly
write policy about (e.g.) cleaning old files out of /tmp
if you want to, whereas if you have multiple ad-hoc
policies for temporary files, you can't.
--
language not worship must pink delirious sleep produce
(fridge poetry)
-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems? Stop! Download the new AJAX search engine that makes
searching your log files as easy as surfing the web. DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click
_______________________________________________
User-mode-linux-devel mailing list
User-mode-linux-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/user-mode-linux-devel
