Date: Thu, 20 Jan 2000 11:23:49 -0500 (EST) From: Andriss <andriss@andriss.com> To: questions@freebsd.org Subject: suggestion to prevent /tmp races Message-ID: <Pine.BSF.4.21.0001201118020.75919-100000@netmint.com>
next in thread | raw e-mail | index | archive | help
-----BEGIN PGP SIGNED MESSAGE----- Hello, After reading the latest advisory on the make -j /tmp race I decided to post to the list a suggestion that could theoretically prevent or make significantly harder the /tmp races... For example, if you set the following permissions on /tmp: drwxrwx-wt 3 root wheel 512 Jan 20 11:17 tmp ... no ordinary users will be able to list the directory, but they can list (and fully use) their own files if they know what the file name is. Now, users don't have to list the directory at all! They just have to be able to create the files, and use them. 99% of the time, it's some program that creates that files for the user, for instance Pine. Not being able to list the directory would not break this behaviour.. A similar suggestion could also apply to vi.recover.. Andriss - -- ______________________________________________________________ Andrey Kholodenko <andriss@andriss.com> http://www.andriss.com Download My Public PGP Key From http://www.andriss.com/pgp.txt ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -----BEGIN PGP SIGNATURE----- Version: 2.6.3a Charset: noconv iQCVAwUBOIc2mCQe9jf/ODl9AQGvdAP+Ove7kHez9dCoiaQD9snHxkzVPwb4xdx9 4FV6V0qHbRxDM0/WIhBnfD+2eSD5EAPfsPqya/6jJ3OSpek7dXWn283bzdap+vnm rrt7ugdGj4dSA6TjKkwFHT/tenE9ZvOznHtR3W9vgvEEoNHfFr245v/kXksvrScb GZaXDe48FeA= =GOiv -----END PGP SIGNATURE----- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0001201118020.75919-100000>