On Mon, Apr 20, 1998 at 01:20:10PM +0100, Ian Jackson wrote:
> We should modify our libc so that opening a file in /tmp or /var/tmp -
> determined by simple string comparison of the filename passed to
> open(2) - fails if O_CREAT is specified without O_EXCL.
>
> We should do this in slink. That way almost any program with a /tmp
> security hole will stop working straight away and _have_ to be fixed.

And then change libc back, presumably, before making the next stable release? In that case, I think it may be a good idea.

But how about this: I often extract tar files to a directory in /tmp. If /home is nfs-mounted, this can be considerably faster, and it gets cleaned up automatically sooner or later. 'tar' almost certainly doesn't open files with O_EXCL... maybe it should?

Avery
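
The check proposed in the quoted message, written out as an added example that is not part of this thread or of any libc. The names `under_dir`, `tmp_open_rejected` and `checked_open` are hypothetical, the EACCES error is an assumption (the proposal names no errno), and the sample path is constructed.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdarg.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* Pure string comparison: "/tmp" matches "/tmp/x" but not "/tmpfoo/x". */
static int under_dir(const char *path, const char *dir)
{
    size_t n = strlen(dir);
    return strncmp(path, dir, n) == 0 && path[n] == '/';
}

/* Returns 1 when the proposed rule would make the open fail, else 0. */
int tmp_open_rejected(const char *path, int flags)
{
    if (!under_dir(path, "/tmp") && !under_dir(path, "/var/tmp"))
        return 0;
    return (flags & O_CREAT) && !(flags & O_EXCL);
}

/* Hypothetical stand-in for the modified libc open(): applies the rule
 * before the real call. EACCES is an assumed choice of errno. */
int checked_open(const char *path, int flags, ...)
{
    mode_t mode = 0;
    if (tmp_open_rejected(path, flags)) {
        errno = EACCES;
        return -1;
    }
    if (flags & O_CREAT) {          /* mode is only passed with O_CREAT */
        va_list ap;
        va_start(ap, flags);
        mode = (mode_t)va_arg(ap, int);
        va_end(ap);
    }
    return open(path, flags, mode);
}

int main(void)
{
    const char *p = "/tmp/constructed-example";   /* constructed sample path */
    printf("O_CREAT|O_TRUNC: %d\n", tmp_open_rejected(p, O_WRONLY | O_CREAT | O_TRUNC));
    printf("O_CREAT|O_EXCL:  %d\n", tmp_open_rejected(p, O_WRONLY | O_CREAT | O_EXCL));
    printf("relative name:   %d\n", tmp_open_rejected("constructed-example", O_WRONLY | O_CREAT));
    return 0;
}
```

Because the rule is a textual prefix match, a relative name opened after `chdir("/tmp")` is not covered. A create-or-truncate open under /tmp, the kind of call the reply raises for tar extraction, is rejected.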