Subject: Re: funlink() for fun!
To: NetBSD Kernel Technical Discussion List <tech-kern@NetBSD.org>
From: der Mouse <mouse@Rodents.Montreal.QC.CA>
Date: 07/14/2003 19:56:44
> Unfortunately I still see too many NetBSD programs creating and
> removing temporary files directly in /tmp and /var/tmp, and of course
> the default sysinst still creates those directories on filesystems
> which also contain other sensitive informatoin.
I'm (still?) not convinced this is a problem. Given O_EXCL, stat() and
fstat(), and sticky directories, I can't see what the danger is.
I discount admins doing things like leaving /usr world-writeable, or
/tmp non-sticky. I consider that akin to leaving /dev/mem mode 666:
you can do it, but you have nobody to blame but yourself. And it most
certainly is not for the system to protect you from the consequences.
/~\ The ASCII der Mouse
\ / Ribbon Campaign
X Against HTML firstname.lastname@example.org
/ \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B