Bugtraq mailing list archives
Re: where user temp files should go, env var names
From: Nick Phillips <nwp () CHECKAPRICE COM>
Date: Thu, 21 Dec 2000 12:53:51 +0000
On Tue, Dec 19, 2000 at 12:55:34AM -0500, Mike A. Harris wrote:
The kernel doesn't differentiate between directories in the filesystem. For all the kernel cares /tmp is where user directories are stored. The kernel doesn't ever know or treat differently any names of dirs in the filesystem. This definitely has nothing at all to do with the kernel whatsoever. It is a userland programming issue. The kernel does not impose policy decisions upon systems, that is what a sysadmin is for. Fix the programmer.
This is illogical. The sysadmin makes the policy and uses the kernel (amongst other things) to impose it. In this instance the programmer is effectively just another user who cannot be trusted. Therefore it is reasonable for the kernel to provide the sysadmin with the means to enforce their policy on programmers as well as "normal" users. By all means fix the programmers too, but remember that they are just a particular type of user using the facilities provided to them; if the facilities provided to them (libs, syscalls, kernel etc.) allow them to do silly things, you should expect them to do silly things. Cheers, Nick
Current thread:
- [hacksware]Pine temporary file hijacking vulnerability JW Oh (Dec 12)
- Re: [hacksware]Pine temporary file hijacking vulnerability Thomas Corriher (Dec 13)
- Re: where user temp files should go, env var names Peter W (Dec 14)
- Re: where user temp files should go, env var names Andrzej Chabierski (Dec 16)
- Re: where user temp files should go, env var names Valdis Kletnieks (Dec 18)
- Re: where user temp files should go, env var names Aaron Drew (Dec 18)
- Re: where user temp files should go, env var names Mike A. Harris (Dec 19)
- Re: where user temp files should go, env var names Nick Phillips (Dec 21)
- Re: where user temp files should go, env var names Peter J . Holzer (Dec 21)
- Re: where user temp files should go, env var names Doug Wyatt (Dec 21)
- Message not available
- Re: where user temp files should go, env var names Jay R. Ashworth (Dec 21)
- Re: where user temp files should go, env var names Peter W (Dec 14)
- Re: [hacksware]Pine temporary file hijacking vulnerability Thomas Corriher (Dec 13)
- Re: [hacksware]Pine temporary file hijacking vulnerability Christopher X. Candreva (Dec 14)