(Sorry for the late reply, didn't have time last few days to drink from the lkml firehose) On Thu, 03 Jun 2010 14:00:51 PDT, Kees Cook said: > On Thu, Jun 03, 2010 at 01:02:48PM -0700, Eric W. Biederman wrote: > > Kees Cook <kees.cook@xxxxxxxxxxxxx> writes: > > > A long-standing class of security issues is the symlink-based > > > time-of-check-time-of-use race, most commonly seen in world-writable > > > directories like /tmp. The common method of exploitation of this flaw > > > > Nacked-by: "Eric W. Biederman" <ebiederm@xxxxxxxxxxxx> > > > > This approach to fix the problem to of /tmp looks to me like it > > will have the opposite effect. I think this patch will encourage > > more badly written applications. > > How to safely deal with /tmp has been well understood for well over > a decade. I don't think this change would "encourage" poor code. The fact that you're proposing this patch a decade after we "well understood" the problem should suggest that it *will* encourage poor code, as the same programmers who don't currently get it right (and are thus the targets of your patch) will quite likely just say "Oh, I saw a patch for that, I don't have to try to do it right..."
Attachment:
pgpqBQZZLzrYb.pgp
Description: PGP signature
