|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: Re: Is /tmp still appropriate? (was Re: [hacksware]Pine temporary file hijacking vulnerability)
From: Ryan Russell (ryan
SECURITYFOCUS.COM)Date: Mon Dec 18 2000 - 15:47:37 CST
- Next message: Thomas Reinke: "Re: cache cookies?"
- Previous message: Trustix Secure Linux Team: "Trustix Security Advisory - ed, tcsh, and ftpd-BSD"
- In reply to: Michael Damm: "Re: Is /tmp still appropriate? (was Re: [hacksware]Pine temporary file hijacking vulnerability)"
- Next in thread: 0d0: "Re: Is /tmp still appropriate? (was Re: [hacksware]Pine temporary file hijacking vulnerability)"
- Reply: Ryan Russell: "Re: Is /tmp still appropriate? (was Re: [hacksware]Pine temporary file hijacking vulnerability)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Fri, 15 Dec 2000, Michael Damm wrote:
> I alwas was a difficult child.
> TMPKEY="$RANDOM"
> echo "foo" >/tmp/blah.$TMPKEY
Which allows for the possibility of collisions. Various instances of
the script might on rare occasion step on each-others temp files, causing
problems at, uh... random. That's why $$ is used, because the OS is
responsible for making sure process IDs are unique for all the current
processes.
Ryan
- Next message: Thomas Reinke: "Re: cache cookies?"
- Previous message: Trustix Secure Linux Team: "Trustix Security Advisory - ed, tcsh, and ftpd-BSD"
- In reply to: Michael Damm: "Re: Is /tmp still appropriate? (was Re: [hacksware]Pine temporary file hijacking vulnerability)"
- Next in thread: 0d0: "Re: Is /tmp still appropriate? (was Re: [hacksware]Pine temporary file hijacking vulnerability)"
- Reply: Ryan Russell: "Re: Is /tmp still appropriate? (was Re: [hacksware]Pine temporary file hijacking vulnerability)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]