On Tue, 08.11.11 13:31, Stijn Hoop (stijn@xxxxxxxxxx) wrote: > > Well, that way attackers might still be able fool the admin: i.e. he > > could create a directory with a service name and some randomized > > suffix and the admin might blindly believe that this directory > > belongs to the service, even if it doesn't, but belongs to the evil > > attacker. Using a fully randomized name is a bit more secure here, > > since the admin always needs to check the service first for the > > actual directory. > > But isn't the point of having namespaced /tmp that no network-facing > service is even able to create a directory in the main namespace? > In other words, if the attacker is able to create a directory in the > main namespace, you've already lost? I was talking of a local attacker here, not a remote one. Lennart -- Lennart Poettering - Red Hat, Inc. -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
