Bugtraq mailing list archives
Re: Is /tmp still appropriate? (was Re: [hacksware]Pine temporary file hijacking vulnerability)
From: Michael Damm <miked () ACCESSNW NET>
Date: Fri, 15 Dec 2000 12:35:43 -0800
On Thu, 14 Dec 2000, Mark Delany wrote:
I'm sure many people have been "guilty" of writing a quick and nasty shell script that ends in something like: >/tmp/out.$$
I alwas was a difficult child. TMPKEY="$RANDOM" echo "foo" >/tmp/blah.$TMPKEY Easiest fix for most of these issues, works great in quick bash hacks on untrusted systems. Im sure your OS/Programming Language of choice has support for the latest in even semi random number generation. -Mike --- Michael Damm - System Administrator - Access Northwest, LLC - Yakima, WA Business: miked () accessnw net - http://www.accessnw.net/ - (509) 542-3221 Personal: symetrix () symetrix org - http://www.symetrix.org/ - (877) 534-6247
Current thread:
- Is /tmp still appropriate? (was Re: [hacksware]Pine temporary file hijacking vulnerability) Andrew Church (Dec 15)
- Re: Is /tmp still appropriate? (was Re: [hacksware]Pine temporary file hijacking vulnerability) Mark Delany (Dec 16)
- Re: Is /tmp still appropriate? (was Re: [hacksware]Pine temporary file hijacking vulnerability) 0d0 (Dec 18)
- Re: Is /tmp still appropriate? Hanspeter Schmid (Dec 20)
- Re: Is /tmp still appropriate? (was Re: [hacksware]Pine temporary file hijacking vulnerability) Michael Damm (Dec 18)
- Re: Is /tmp still appropriate? (was Re: [hacksware]Pine temporary file hijacking vulnerability) stanislav shalunov (Dec 18)
- Re: Is /tmp still appropriate? (was Re: [hacksware]Pine temporary file hijacking vulnerability) Ryan Russell (Dec 18)
- Message not available
- Re: Is /tmp still appropriate? (was Re: [hacksware]Pine temporary file hijacking vulnerability) 0d0 (Dec 18)
- Re: Is /tmp still appropriate? (was Re: [hacksware]Pine temporary file hijacking vulnerability) Christian (Dec 18)
- Re: Is /tmp still appropriate? (was Re: [hacksware]Pine temporary file hijacking vulnerability) DeRobertis (Dec 18)
- Re: Is /tmp still appropriate? (was Re: [hacksware]Pine temporary file hijacking vulnerability) Mike A. Harris (Dec 19)
- Re: Is /tmp still appropriate? (was Re: [hacksware]Pine temporary file hijacking vulnerability) Kurt Seifried (Dec 19)
- Re: Is /tmp still appropriate? Peter W (Dec 19)
- Re: Is /tmp still appropriate? (was Re: [hacksware]Pine temporary file hijacking vulnerability) Mark Delany (Dec 16)