Bugtraq mailing list archives
Tired of /tmp? Here's a proposed solution
From: @ (Igor Chudov @ home)
Date: Mon, 26 Aug 1996 21:18:26 -0500
Are you tired of attacks based on files in /tmp? Well, how about the following solution:

1. Introduce a convention that whenever a program wants a file name for some temporary file, it should call a library function tmp_mknam

2. This function would accept the file prefix and be implemented in the following way:

   a) check if directory $TMP exists and belongs to the effective uid
   b) if yes, return $TMP/<prefix><unique id> (maybe using tmpnam)
   c) if no, create a file under /tmp/<prefix><unique id> (maybe using tmpnam)

If program writers follow this convention and call tmp_mknam, users will be able to ensure their security from /tmp attacks by creating directories with right permissions, for example under /tmp.

For example, I could protect myself by the following commands:

    $ mkdir /tmp/ichudov
    $ chmod 700 /tmp/ichudov
    $ export TMP=/tmp/ichudov

This function can be made into a separate library of its own.

- Igor.
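One way to implement the tmp_mknam function proposed in this message, added here as an example and not code from the original post. It swaps tmpnam for mkstemp(3), so the file is created atomically and an open descriptor is returned along with the name; the signature, the private_tmp_ok helper, and the extra check that $TMP is not group- or world-writable are assumptions.

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700   /* expose lstat(), mkstemp(), setenv() */
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Step (a): $TMP must be an absolute path to a real directory (not a
 * symlink) owned by the effective uid. Rejecting group/world-writable
 * directories is an added assumption, matching the chmod 700 in the post. */
static int private_tmp_ok(const char *dir)
{
    struct stat st;

    if (dir == NULL || dir[0] != '/' || lstat(dir, &st) != 0)
        return 0;
    return S_ISDIR(st.st_mode) && st.st_uid == geteuid()
        && (st.st_mode & (S_IWGRP | S_IWOTH)) == 0;
}

/* Hypothetical signature: writes the chosen path into out and returns an
 * open read/write descriptor, or -1 on error. mkstemp() opens the file
 * with O_EXCL and mode 0600, so a name planted in advance by another
 * user (file or symlink) makes the open fail instead of being followed. */
int tmp_mknam(const char *prefix, char *out, size_t outlen)
{
    const char *dir = getenv("TMP");
    int n;

    if (prefix == NULL || strchr(prefix, '/') != NULL)
        return -1;                  /* prefix must stay inside dir */
    if (!private_tmp_ok(dir))
        dir = "/tmp";               /* step (c): fall back to shared /tmp */
    n = snprintf(out, outlen, "%s/%sXXXXXX", dir, prefix);
    if (n < 0 || (size_t)n >= outlen)
        return -1;                  /* path would be truncated */
    return mkstemp(out);            /* steps (b)/(c): unique name + create */
}
```
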