Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Is /tmp still appropriate? (was Re: [hacksware]Pine temporary file hijacking vulnerability)

From: Michael Damm <miked () ACCESSNW NET>
Date: Fri, 15 Dec 2000 12:35:43 -0800
On Thu, 14 Dec 2000, Mark Delany wrote:


I'm sure many people have been "guilty" of writing a quick and nasty
shell script that ends in something like:  >/tmp/out.$$


I alwas was a difficult child.
TMPKEY="$RANDOM"
echo "foo" >/tmp/blah.$TMPKEY

Easiest fix for most of these issues, works great in quick bash hacks on
untrusted systems. Im sure your OS/Programming Language of choice has
support for the latest in even semi random number generation.

        -Mike

---
Michael Damm  - System Administrator  - Access Northwest, LLC  - Yakima, WA
Business:    miked () accessnw net - http://www.accessnw.net/ - (509) 542-3221
Personal: symetrix () symetrix org - http://www.symetrix.org/ - (877) 534-6247
Previous By Date Next
Previous By Thread Next

Current thread: