Bugtraq mailing list archives
Re: GCC 2.7.? /tmp files
From: mikedoug () TEXAS NET (Michael Douglass)
Date: Fri, 16 Jan 1998 00:42:20 -0600
On Thu, Jan 15, 1998 at 10:46:06PM +0100, Micha³ Zalewski said: This is a _simple_ one to 'fix'. My personal belief is that if anyone is at all concerned about /tmp explots, they will create a 'tmp' directory within their home directory and then set the TMPDIR environment variable to reference it. Most of the programs in use today will honor it; and if you are worried about the general user on your system, add to the system profile to set their TMPDIR (and I guess you could check for the existance of it and create it if necessary). There are just too many issues to deal with in the /tmp exploits; and this method removes them _ALL_. (Oh, just don't have your home dir executable and your tmp dir world writable at least. :)
During compilation, gcc uses following temporary files: /tmp/ccXXXXXX.i /tmp/ccXXXXXX.s /tmp/ccXXXXXX.o
-- Michael Douglass Texas Networking, Inc. <tnet admin> anyway, I'm off, perl code is making me [a] crosseyed toady
Current thread:
- Re: GCC 2.7.? /tmp files Michael Douglass (Jan 15)
- MC shell scripts Micha? Zalewski (Jan 17)
- Re: GCC 2.7.? /tmp files Theo de Raadt (Jan 18)
- Re: GCC 2.7.? /tmp files Perry E. Metzger (Jan 18)
- Solaris ftpd D.O.S. Stanley Stasiak (Jan 19)
- Buffer overflow in Yapp Conferencing System... satan (Jan 20)
- Re: Solaris ftpd D.O.S. Aggelos P. Varvitsiotis (Jan 20)
- Re: Solaris ftpd D.O.S. Casper Dik (Jan 20)
- SNI-23: SSH - Vulnerability in ssh-agent Secure Networks Inc. (Jan 20)
- How to recover private keys for various Microsoft products Aleph One (Jan 20)
- HP-UX CUE, CUD and LAND vulnerabilities Aleph One (Jan 21)
(Thread continues...)