Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: version B 2.10.2 9/18/84; site lsuc.UUCP
Path: utzoo!lsuc!dave
From: dave@lsuc.UUCP (David Sherman)
Newsgroups: net.unix-wizards
Subject: Re: Another reason why - really /tmp
Message-ID: <807@lsuc.UUCP>
Date: Thu, 26-Sep-85 17:22:24 EDT
Article-I.D.: lsuc.807
Posted: Thu Sep 26 17:22:24 1985
Date-Received: Thu, 26-Sep-85 17:37:46 EDT
References: <1149@brl-tgr.ARPA> <182@graffiti.UUCP> <764@rlgvax.UUCP> <2279@sunybcs.UUCP>
Reply-To: dave@lsuc.UUCP (David Sherman)
Organization: Law Society of Upper Canada, Toronto
Lines: 23
Summary: doesn't entirely solve the problem

In article <2279@sunybcs.UUCP> loverso@sunybcs.UUCP (John Robert LoVerso) writes:
>From: peter@rlgvax.UUCP (Peter Klosky) 16 Sep 85 <764@rlgvax.UUCP>
>> > For security make your /tmp file 0600 mode.
>> 
>> /tmp is world writeable.  This means that anyone can unlink tmp files. 
>> In particular, my application wants to pass state data from a child
>> process to a parent prodcess via a tmp file that the child creates,
>> and there are windows of vulnerability in this scheme, due to the unlink
>> trouble.
>
>Easy.  have your application make a subdirectory in /tmp, and then place
>a file within that subdir.  As long as your subdirectory is not world
>writeable, you can place tmp files there w/o having a window of vulnerability.

Well, you can't LOSE your data, but you can still have it misplaced
for you. All the "bad guy" has to do is mv /tmp/yourdir /tmp/nowhere,
and your parent process will never find it.

Dave Sherman
The Law Society of Upper Canada
Toronto
-- 
{  ihnp4!utzoo  pesnta  utcs  hcr  decvax!utcsri  }  !lsuc!dave