NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Bugtraq> 2000-12

Subject: Re: Is /tmp still appropriate? (was Re: [hacksware]Pine temporary file hijacking vulnerability)
From: Michael Damm (mikedACCESSNW.NET)
Date: Fri Dec 15 2000 - 14:35:43 CST

Next message: 0d0: "Re: Is /tmp still appropriate? (was Re: [hacksware]Pine temporary file hijacking vulnerability)"
Previous message: Valdis Kletnieks: "Re: where user temp files should go, env var names"
In reply to: Mark Delany: "Re: Is /tmp still appropriate? (was Re: [hacksware]Pine temporary file hijacking vulnerability)"
Next in thread: stanislav shalunov: "Re: Is /tmp still appropriate? (was Re: [hacksware]Pine temporary file hijacking vulnerability)"
Next in thread: 0d0: "Re: Is /tmp still appropriate? (was Re: [hacksware]Pine temporary file hijacking vulnerability)"
Reply: Michael Damm: "Re: Is /tmp still appropriate? (was Re: [hacksware]Pine temporary file hijacking vulnerability)"
Reply: stanislav shalunov: "Re: Is /tmp still appropriate? (was Re: [hacksware]Pine temporary file hijacking vulnerability)"
Reply: Ryan Russell: "Re: Is /tmp still appropriate? (was Re: [hacksware]Pine temporary file hijacking vulnerability)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, 14 Dec 2000, Mark Delany wrote:

> I'm sure many people have been "guilty" of writing a quick and nasty
> shell script that ends in something like: >/tmp/out.$$

I alwas was a difficult child.
TMPKEY="$RANDOM"
echo "foo" >/tmp/blah.$TMPKEY

Easiest fix for most of these issues, works great in quick bash hacks on
untrusted systems. Im sure your OS/Programming Language of choice has
support for the latest in even semi random number generation.

-Mike

---
Michael Damm  - System Administrator  - Access Northwest, LLC  - Yakima, WA
Business:    mikedaccessnw.net - http://www.accessnw.net/ - (509) 542-3221
Personal: symetrixsymetrix.org - http://www.symetrix.org/ - (877) 534-6247

Next message: 0d0: "Re: Is /tmp still appropriate? (was Re: [hacksware]Pine temporary file hijacking vulnerability)"
Previous message: Valdis Kletnieks: "Re: where user temp files should go, env var names"
In reply to: Mark Delany: "Re: Is /tmp still appropriate? (was Re: [hacksware]Pine temporary file hijacking vulnerability)"
Next in thread: stanislav shalunov: "Re: Is /tmp still appropriate? (was Re: [hacksware]Pine temporary file hijacking vulnerability)"
Next in thread: 0d0: "Re: Is /tmp still appropriate? (was Re: [hacksware]Pine temporary file hijacking vulnerability)"
Reply: Michael Damm: "Re: Is /tmp still appropriate? (was Re: [hacksware]Pine temporary file hijacking vulnerability)"
Reply: stanislav shalunov: "Re: Is /tmp still appropriate? (was Re: [hacksware]Pine temporary file hijacking vulnerability)"
Reply: Ryan Russell: "Re: Is /tmp still appropriate? (was Re: [hacksware]Pine temporary file hijacking vulnerability)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]