There are some nasty attacks with links and symlinks in temp directories (see bugtraq for an extended list). Some programs solve this by putting temp files in home directories. This is clearly suboptimal (networked home directory, quotas, ...). /tmp and /var/tmp are there for a good reason.
One possible solution would be to give each user a personal /var/tmp/<username>, mode 700, and have as many functions (mktemp, ...) return a string to there. Loss: a few inodes. Gain: fewer security holes. Comments? -- Thomas Koenig, [EMAIL PROTECTED], [EMAIL PROTECTED] The joy of engineering is to find a straight line on a double logarithmic diagram. -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .
