[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: backup method

From: Han Boetes
Subject: Re: backup method
Date: Mon, 31 Jan 2005 05:07:17 +0100
User-agent: Mutt/1.5.6i

Richard Stallman wrote:
> But why avoid making backups for /tmp? Is there some specific
> reason why it is bad to make backups for /tmp? Or was the idea
> nothing more than "these files are unimportant anyway"?

Symlink attacks.

If you are going open /tmp/tmpfile, you will also create
/tmp/tmpfile~ as a backup. Now I can do two things:

  touch /home/mine/foo
  chmod 666 /home/mine/foo
  ln -s /home/mine/foo /tmp/tmpfile~

And after the tmpfile creation of your file has been done I can
read the contents of the tempfile.

  ln -s /home/you/.shellrc /tmp/tmpfile~

And making the backup will overwrite your .shellrc.

# Han

reply via email to

[Prev in Thread] Current Thread [Next in Thread]