Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Bugtraq> 1995_3

Bugtraq archives for 3rd quarter (Jul-Aug) 1995: Re: personalized /tmp (was: BUGTRAQ ALERT: Solarix 2.x

Re: personalized /tmp (was: BUGTRAQ ALERT: Solarix 2.x

(no name) ((no email))
Wed, 16 Aug 1995 23:07:30 +0200

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Nathan Lawson: "Re: BUGTRAQ ALERT: Solaris 2.x vulnerability"
Previous message: Andy Poling: "Re: personalized /tmp (was: BUGTRAQ ALERT: Solarix 2.x"
In reply to: Panzer Boy: "Re: personalized /tmp (was: BUGTRAQ ALERT: Solarix 2.x"

Panzer Boy wrote:
>
>: It should be possible to have a temporary directory for each user,
>: such as /tmp/username (or any other place you care to put it).
>
>: This would fix a great many problems, and apart from UNIX tradition,
>: I see no reason against it.
>
>Just the easy sharing of files, and why make /tmp/username, why not
>/home/username... :)

Easy sharing of files is no problem: have one /tmp/common.

/home/username: Well, I believe quite a few sites periodically
clean out /tmp (at least on each reboot); I suspect fewer sites
clean out /home that way :-)

Sticky bit on /tmp: it goes a long way towards a solution, but numerous
denial of service attacks are still possible.  What about "touch
/tmp/mbox.username", to name a simple one?  How many programs
open a file with a predictable name in /tmp, and neglect to
do an open(..., O_CREAT|O_EXCL)?
--
Thomas Koenig, Thomas.Koenigciw.uni-karlsruhe.de, ig25dkauni2.bitnet.
The joy of engineering is to find a straight line on a double
logarithmic diagram.

Next message: Nathan Lawson: "Re: BUGTRAQ ALERT: Solaris 2.x vulnerability"
Previous message: Andy Poling: "Re: personalized /tmp (was: BUGTRAQ ALERT: Solarix 2.x"
In reply to: Panzer Boy: "Re: personalized /tmp (was: BUGTRAQ ALERT: Solarix 2.x"