[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: backup method

From: David Kastrup
Subject: Re: backup method
Date: Sat, 05 Feb 2005 11:26:49 +0100
User-agent: Gnus/5.11 (Gnus v5.11) Emacs/21.3.50 (gnu/linux)

Richard Stallman <address@hidden> writes:

>     The permissions in world-writable temp directories are almost always
>     1777 which means that nobody but the owner can delete such a file.
> I had forgotten about that feature, so thanks for reminding me.
> However, not all world-writable directories are temp directories.

If the directory permissions are 777, then you can't do any further
operation using the file _name_ after doing the creat system call (at
which point its name is known and accessible).  All you want to do
with the file, you have to do via the file descriptor returned by
creat.  The only thing you can safely do with the file name after
creat is deleting it again by name.  Everything else is open to
symlink attacks.

David Kastrup, Kriemhildstr. 15, 44793 Bochum

reply via email to

[Prev in Thread] Current Thread [Next in Thread]