Eric Haszlakiewicz wrote:
> On Sun, Jul 29, 2007 at 12:37:26PM +0200, Adam Hamsik wrote:
>> On Jul 29, 2007, at 7:57 AM, Darren Reed wrote:
>>> If buggy software writes in an area of memory that it shouldn't,
>>> lets say it puts your password there by accident, then it appears
>>> another process can get that.
>>>
>> if buggy software creates file in /tmp with my password other process  
>> can get that pass ,too.
>>
>>> It is a security exposure (but not a serious one) because it is a
>>> means for data from one application to be "stolen" by another.
>>>
>> I doesn't see your point here, it's application problem.
> 
> Yes, that would be an application problem, but the OS shouldn't encourage
> problems like this with unintuitive behaviour, or if it does, then it
> should be clearly documented.

Indeed, and filesystem issues with permissions, etc, are widely
known and respected.  Things like this, not so, not to mention
that it is counterintuitive and uncontrollable (aside from not
writing there in the first place :)  I'm more worried about what
other problems might be hiding and are as yet undiscovered if
we're not doing zero fills when we should be.

Darren