Re: patch: new sysctl to remove hardcoded ELOOP limit

Pavel Machek (pavel@atrey.karlin.mff.cuni.cz)
Thu, 9 Apr 1998 13:15:14 +0200


Hi!

> Another useful bit from FreeBSD: an O_NOFOLLOW option for open(). This
> is a nice idea that will prevent lots of /tmp races.

No, as you can still put a named pipe there (for example) and it results
in much more dangerous attacks. You could also make a file with 0666 and
then change contents under the victim's hands. You really want O_CREAT |
O_EXCL. If you want to force O_EXCL on anyone using /tmp, you can use
my ld_preload hack (it was on bugtraq.)

Pavel

-- 
Do *NOT* buy software, GNU software is better and free!		Pavel
GCM d? s-: !g p?:+ au- a--@ w+ v- C++@ UL+++ L++ N++ E++ W--- M- Y- R+
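
An added example, not part of the original message: a C check that open() with O_CREAT | O_EXCL refuses a pre-planted symlink, named pipe and 0666 file, and succeeds only once the name is free. The function names and the paths under a private mkdtemp() directory are constructed for the demonstration.

```c
#define _XOPEN_SOURCE 700   /* mkdtemp(), symlink(), mkfifo() */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Open the way the message recommends: succeed only if we create the file. */
static int open_excl(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

/* Counts planted objects refused with EEXIST and names created once free. */
static int excl_demo(int *refused, int *created)
{
    char dir[] = "/tmp/excl_demo_XXXXXX";      /* constructed sample path */
    const char *names[3] = { "link", "fifo", "file" };
    char p[3][64];
    int fd;

    *refused = *created = 0;
    if (!mkdtemp(dir)) return -1;
    for (int i = 0; i < 3; i++)
        snprintf(p[i], sizeof p[i], "%s/%s", dir, names[i]);
    /* Stand-ins for what another local user could plant in /tmp first. */
    if (symlink("/nonexistent/target", p[0]) != 0) return -1;
    if (mkfifo(p[1], 0666) != 0) return -1;
    if ((fd = open(p[2], O_WRONLY | O_CREAT, 0666)) < 0) return -1;
    close(fd);

    for (int i = 0; i < 3; i++) {
        fd = open_excl(p[i]);                  /* object already exists */
        if (fd < 0 && errno == EEXIST) (*refused)++;
        else if (fd >= 0) close(fd);
        unlink(p[i]);
        fd = open_excl(p[i]);                  /* name is now free */
        if (fd >= 0) { (*created)++; close(fd); }
        unlink(p[i]);
    }
    rmdir(dir);
    return 0;
}

int planted_refused(void) { int r, c; return excl_demo(&r, &c) ? -1 : r; }
int fresh_created(void)   { int r, c; return excl_demo(&r, &c) ? -1 : c; }

int main(void) { printf("%d %d\n", planted_refused(), fresh_created()); return 0; }
```

The open on the FIFO returns EEXIST immediately instead of blocking, because with O_CREAT | O_EXCL the existence check fails before the pipe itself is ever opened.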
