Bugtraq mailing list archives
Re: -rw-rw-rw- 1 root 8025 Aug 24 04:10
From: djr () haddock saa-cons co uk (Dave Roberts)
Date: Tue, 29 Aug 1995 14:08:28 +0100
On Fri, 25 Aug 1995, Darren Reed wrote:
> People designing setuid-root programs or programs in general which perform privileged operations and need temporary files should consider using a non-public access directory as the temp. file location.
What about using the tempnam() call? Maybe it's not available on all platforms although it is on AIX, SCO and HP-UX, so I'd have thought it would be. Do you feel that the randomness of the filenames this returns is not random enough? Or is it that the very nature of a file that the world can get at is the security threat, no matter what permissions are in existence? I'd have thought that having /tmp mode 1777, using tempnam() to get the file name, and creating this file in mode 0600 would be sufficient.

Dave Roberts                | "Just paddling out into big surf is a total
Unix Systems Administrator  | commitment" * "You can't just call time-out and
SAA Consultants Ltd         | stroll on back to the beach if you don't like
Plymouth, UK <EDI Services> | the way things are going" - Point Break
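Added example, not part of the original thread: whichever routine picks the name (tempnam() included), the creation call decides whether an entry already sitting at that name in a mode-1777 directory is refused or reused. `create_private` and `planted_symlink_refused` are hypothetical names, and the scenario is constructed inside a private mkdtemp() directory.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Create `path` mode 0600 only if no entry of that name exists yet.
   Returns an open descriptor, or -1 with errno set. */
int create_private(const char *path)
{
    /* O_CREAT|O_EXCL fails with EEXIST if the name is already taken, even by
       a dangling symlink, so an entry that appeared between choosing the name
       and opening it is refused instead of being followed or reused. */
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0) return -1;
    struct stat st;
    /* Verify the object behind the descriptor, not the path name. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_nlink != 1 ||
        st.st_uid != geteuid() || fchmod(fd, 0600) != 0) {
        close(fd);
        errno = EPERM;
        return -1;
    }
    return fd;
}

/* Constructed scenario: a symlink already sits at the chosen name.
   Returns 1 if creation was refused with EEXIST and the link target
   was not created, 0 otherwise. */
int planted_symlink_refused(void)
{
    char dir[] = "/tmp/tmpdemo.XXXXXX", name[64], target[64];
    struct stat st;
    if (mkdtemp(dir) == NULL) return 0;
    snprintf(name, sizeof name, "%s/scratch", dir);
    snprintf(target, sizeof target, "%s/victim", dir);
    int linked = (symlink(target, name) == 0);
    int fd = create_private(name);
    int refused = (linked && fd < 0 && errno == EEXIST &&
                   stat(target, &st) != 0);
    if (fd >= 0) close(fd);
    unlink(name);
    unlink(target);
    rmdir(dir);
    return refused;
}
```

mkstemp() performs the name generation and the O_EXCL creation in a single call, which removes the gap between the two steps.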