Full Disclosure mailing list archives
Re: Symlink vulnerabilities
From: Byron Sonne <byron.sonne () gmail com>
Date: Sat, 22 Oct 2011 01:23:34 -0400
If you are in charge of a distro, it would not hurt to nuke it altogether and change all packages in your control to use per-user $TMPDIR. Some third-party stuff will break - but it breaks every now and then anyway.
Excellent suggestion, and you've piqued my curiosity. What distros exist that implement tmp dirs in such a way? I haven't come across any, and the more I think about it, the more I wish that this is something I would see. If you had your way, would you see it implemented as /tmp/<USER> /<USER>/tmp, or some other way? Cheers, B -- freebyron.org _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Symlink vulnerabilities bugs (Oct 21)
- Re: Symlink vulnerabilities Valdis . Kletnieks (Oct 21)
- Re: Symlink vulnerabilities Michal Zalewski (Oct 21)
- Re: Symlink vulnerabilities Byron Sonne (Oct 21)
- Re: Symlink vulnerabilities Valdis . Kletnieks (Oct 21)
- Re: Symlink vulnerabilities Raj Mathur (राज माथुर) (Oct 21)
- Re: Symlink vulnerabilities James Condron (Oct 22)
- Re: Symlink vulnerabilities Michal Zalewski (Oct 22)
- Re: Symlink vulnerabilities Michal Zalewski (Oct 21)
- Re: Symlink vulnerabilities Valdis . Kletnieks (Oct 21)
- Re: Symlink vulnerabilities dave bl (Oct 21)
- Re: Symlink vulnerabilities bugs (Oct 22)
- Re: Symlink vulnerabilities Leon Kaiser (Oct 24)
- Re: Symlink vulnerabilities bugs (Oct 24)