Re: Is /tmp still appropriate? (was Re: [hacksware]Pine temporary file hijacking vulnerability)

[Christian <christian () dijkstra MURDOCH EDU AU>]

On Thu, Dec 14, 2000 at 10:51:27PM +0000, Mark Delany wrote:

> I'm not so sure that the Internet is the cause of anti-social users
> sharing Unix systems.. Be that as it may, one of the biggest issues
> with using /tmp is it creates a security issue for a whole class of
> programs and programmers that generally don't have to worry about
> security. Programmers who write general purpose shells and editors and
> sorts shouldn't have to worry about security issues.

I'm afraid I have to strongly disagree with this.  Any program that has
to deal with untrusted data (i.e., the source of the data is not the
user running the program) has to consider security issues.  If people
who write shells and editors don't have to worry about these things then
these shells can never operate on any filenames or directory names etc.
that do not belong to the user running the shell.  Similarly editors
cannot operate on files that come from other users.  The situation is
bad enough now but imagine if you couldn't be sure whether you could
safely open up and hack that C program you just downloaded...

Unfortunately all programmers need to have a basic awareness of security
issues.  Educating them all is obviously an ENORMOUS job and making the
decision that /tmp should no longer be used and thus taken out of the
equation doesn't make this job significantly smaller.

Regards,

Christian.