Subject: Re: funlink() for fun!
To: Bill Studenmund <firstname.lastname@example.org>
From: None <email@example.com>
Date: 07/15/2003 15:09:54
On Tue, Jul 15, 2003 at 11:47:20AM -0700, Bill Studenmund wrote:
> On Mon, 14 Jul 2003, Greg A. Woods wrote:
> > The underlying goal of having a system call that can unlink a file when
> > given a file descriptor open on that file is to avoid an unfortunately
> > common insecure programming technique commonly called a "Time-Of-Check,
> > Time-Of-Use (TOCTOU) race condition". Calls to unlink() are vulnerable
> > if they are passed the fully qualified pathname of a file that was
> > created in or under an insecure (i.e. world-writable) directory, even if
> Since the program should (or can) know the path the file should have, let
> it take care of remembering it. That way only the cases that need this
> bother with it.
Not really -- file descriptors inherited from parent processes:
shell redirections and such.
But the problem is not race conditions in world writeable directories
-- that is already solved. Sticky bits, etc. Don't make mode 777
directories for temporary files. I can't see why we need a new system
Are we certain the horse is dead yet?