Quoting Valdis.Kletnieks@xxxxxx (Valdis.Kletnieks@xxxxxx): > (Sorry for the late reply, didn't have time last few days to drink from the > lkml firehose) > > On Thu, 03 Jun 2010 14:00:51 PDT, Kees Cook said: > > On Thu, Jun 03, 2010 at 01:02:48PM -0700, Eric W. Biederman wrote: > > > Kees Cook <kees.cook@xxxxxxxxxxxxx> writes: > > > > A long-standing class of security issues is the symlink-based > > > > time-of-check-time-of-use race, most commonly seen in world-writable > > > > directories like /tmp. The common method of exploitation of this flaw > > > > > > Nacked-by: "Eric W. Biederman" <ebiederm@xxxxxxxxxxxx> > > > > > > This approach to fix the problem to of /tmp looks to me like it > > > will have the opposite effect. I think this patch will encourage > > > more badly written applications. > > > > How to safely deal with /tmp has been well understood for well over > > a decade. I don't think this change would "encourage" poor code. > > The fact that you're proposing this patch a decade after we "well understood" > the problem should suggest that it *will* encourage poor code, as the same > programmers who don't currently get it right (and are thus the targets of your > patch) will quite likely just say "Oh, I saw a patch for that, I don't have to > try to do it right..." Come on, now, that's a leap, really... I'm all for doing both this patch AND pushing for per-user /tmp. -serge -- To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
