On 03/25/07 20:48, Henrique de Moraes Holschuh wrote:
> On Sat, 24 Mar 2007, Ron Johnson wrote:
>>> On the contrary. It makes it so that the only way that someone can get
>>> to the file is by having cracked the kernel itself. That is, without
>>> the file descriptor, no other process can get to the data. For example,
>>> qemu does this. Lots of other programs do this as well for security.
>>> They open the file, immediately unlink it and then the only access is
>>> via the file descriptor.
>> That reminds me of the Vietnam War philosophy "we had to destroy the
>> village in order to save the village". It was bad "design" 40 years
>> ago, it's a bad design now.
>
> No. You destroy the village in order for it not to be able to bother you
> anymore, because you care a lot more about your objectives than the people
> in the village.
>
> And it is *excellent* design to unlink an open file depending on what you
> want it for. It is the only failure-proof way to make sure temporary files
> cannot be attacked from outside, and also that they will disappear if the
> program crashes, exits, or has other problems. You can easily change that
> to an "unlink on successful exit" thing when running in debug mode, too.
It's excellent only if your filesystem does not have rich-enough semantics
to protect your files from outside snoops.

-- 
Ron Johnson, Jr.
Jefferson LA USA

Give a man a fish, and he eats for a day.
Hit him with a fish, and he goes away for good!