Re: backup method
From: Han Boetes
Subject: Re: backup method
Date: Thu, 3 Feb 2005 11:15:36 +0100
User-agent: Mutt/1.5.6i
David Kastrup wrote:
> The permissions in world-writable temp directories are almost
> always 1777 which means that nobody but the owner can delete
> such a file. Symlink attacks are only possible when the file
> name can be guessed by an outside attacker _before_ the file is
> created.
Just a few thoughts.
Perhaps it's an idea to add a function at the C-level that uses
mkstemp?
Since creating a tmp-file with a random name and then moving it to
the proper name is not expensive I see no reason not to simply do
that for all files.
The mktemp(1) manpage explains very well how normal programs can
create secure files in world-writable dirs.
# Han
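
The approach suggested in the message above (mkstemp for a random name, then a move to the proper name), sketched in C as an added example; it is not code from this thread or from the Emacs sources. The function name `write_file_atomic` and the `.tmp` name prefix are assumptions.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper (name and ".tmp" prefix are assumptions): write buf to
 * `path` through an unpredictable temp name in the same directory, then
 * rename() it into place. Returns 0 on success, -1 with errno set on error. */
int write_file_atomic(const char *path, const void *buf, size_t len, mode_t mode)
{
    char tmp[PATH_MAX];
    const char *slash = strrchr(path, '/');
    int dirlen = slash ? (int)(slash - path) + 1 : 0;  /* keeps trailing '/' */
    int fd, rc, saved;
    /* Same directory as the target, so rename() stays on one filesystem. */
    if (snprintf(tmp, sizeof tmp, "%.*s.tmpXXXXXX", dirlen, path) >= (int)sizeof tmp) {
        errno = ENAMETOOLONG;
        return -1;
    }
    /* mkstemp() chooses the name and creates the file exclusively with mode
     * 0600, so a file or symlink planted under a guessed name is never opened. */
    if ((fd = mkstemp(tmp)) < 0)
        return -1;
    const char *p = buf;
    while (len > 0) {
        ssize_t n = write(fd, p, len);
        if (n < 0 && errno == EINTR) continue;
        if (n < 0) goto fail;
        p += n; len -= (size_t)n;
    }
    if (fchmod(fd, mode) < 0 || fsync(fd) < 0)
        goto fail;
    rc = close(fd);
    fd = -1;
    /* rename() swaps the directory entry: if `path` is itself a symlink, the
     * link is replaced and the file it pointed to is left untouched. */
    if (rc == 0 && rename(tmp, path) == 0)
        return 0;
fail:
    saved = errno;
    if (fd >= 0) close(fd);
    unlink(tmp);
    errno = saved;
    return -1;
}
```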