Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: version B 2.10.2 9/5/84; site sunybcs.UUCP
Path: utzoo!watmath!clyde!burl!ulysses!allegra!mit-eddie!think!harvard!seismo!rochester!rocksanne!sunybcs!loverso
From: loverso@sunybcs.UUCP (John Robert LoVerso)
Newsgroups: net.unix-wizards
Subject: Re: Another reason why - really /tmp
Message-ID: <2279@sunybcs.UUCP>
Date: Fri, 20-Sep-85 15:50:02 EDT
Article-I.D.: sunybcs.2279
Posted: Fri Sep 20 15:50:02 1985
Date-Received: Wed, 25-Sep-85 03:37:43 EDT
References: <1149@brl-tgr.ARPA> <182@graffiti.UUCP> <764@rlgvax.UUCP>
Organization: SUNY/Buffalo Computer Science
Lines: 19

From: peter@rlgvax.UUCP (Peter Klosky) 16 Sep 85 <764@rlgvax.UUCP>
> > For security make your /tmp file 0600 mode.
> 
> /tmp is world writeable.  This means that anyone can unlink tmp files. 
> In particular, my application wants to pass state data from a child
> process to a parent prodcess via a tmp file that the child creates,
> and there are windows of vulnerability in this scheme, due to the unlink
> trouble.

Easy.  have your application make a subdirectory in /tmp, and then place
a file within that subdir.  As long as your subdirectory is not world
writeable, you can place tmp files there w/o having a window of vulnerability.

I also changed /etc/rc to clear /tmp with an rm -r

	John
--
John Robert LoVerso @ SUNY/Buffalo Computer Science (716-636-3190)
LoVerso%Buffalo@CSNET-RELAY  -or-  ..!{watmath|dual|decvax}!sunybcs!loverso