acheng@uiucdcs.CS.UIUC.EDU (09/30/85)
>/* Written 9:46 am Sep 25, 1985 by mike@whuxl.UUCP in uiucdcs:net.unix-wizar */
>/* ---------- "Re: Re: Another reason why - really" ---------- */
>> > /tmp is world writeable. This means that anyone can unlink tmp files.
>> ...
>> Easy. have your application make a subdirectory in /tmp, and then place
>> a file within that subdir. As long as your subdirectory is not world
>> writeable, you can place tmp files there w/o having a window of vulnerability.
>
>But anyone can still move the directory in /tmp, and put another one
>in its place. The problem is still there.

You got some real nasty fellow users there. Suggestions:

1) Use the tmp file in the current directory then. If the user worries,
   he/she should either cd to a protected one or chmod the current one.
   Use mktemp for a unique temp. file name. This is even safer than
   using the same /tmp/tmpxxxxx name.

2) Track down the nasty user and send him a mail like this:

	mail bad-guy < /unix	# or whatever kernel your site uses

   He would have a hard time to read his mail. :}

Please don't take this part seriously. Mail bombs are terrorism and you
don't want to take the law into your own hand. Report it to your "root" user.
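
The private-subdirectory idea and the directory-swap objection from the thread above, as an added example that is not part of the original post. It assumes a modern POSIX system and uses mkdtemp/mkstemp, which postdate the thread's mktemp; the function names dir_entries_replaceable and private_tmpfile are hypothetical.

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700   /* mkdtemp, mkstemp, lstat, S_ISVTX */
#endif
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/stat.h>

/* 1 if any user may rename or unlink other users' entries in dir:
 * world-writable and no sticky bit (the /tmp the thread describes).
 * 0 if not, -1 if dir cannot be examined. */
int dir_entries_replaceable(const char *dir)
{
    struct stat st;
    if (stat(dir, &st) != 0)
        return -1;
    return (st.st_mode & S_IWOTH) && !(st.st_mode & S_ISVTX);
}

/* Hypothetical helper: make a private directory under base, create a file
 * in it, and return an open descriptor (or -1). n is the size of both
 * output buffers. */
int private_tmpfile(const char *base, char *dir_out, char *file_out, size_t n)
{
    struct stat d, f_fd, f_path;
    int fd;

    if ((size_t)snprintf(dir_out, n, "%s/appXXXXXX", base) >= n)
        return -1;
    if (mkdtemp(dir_out) == NULL)           /* unique name, mode 0700 */
        return -1;
    if ((size_t)snprintf(file_out, n, "%s/tmpXXXXXX", dir_out) >= n)
        return -1;
    fd = mkstemp(file_out);                 /* O_CREAT|O_EXCL, mode 0600 */
    if (fd < 0)
        return -1;
    /* Swap check: the directory name must still lead to a directory we own
     * with no group/other access, and the file name must still lead to the
     * inode we hold open. */
    if (fstat(fd, &f_fd) != 0 || lstat(file_out, &f_path) != 0 ||
        lstat(dir_out, &d) != 0 || !S_ISDIR(d.st_mode) ||
        d.st_uid != geteuid() || (d.st_mode & 077) != 0 ||
        f_fd.st_dev != f_path.st_dev || f_fd.st_ino != f_path.st_ino) {
        close(fd);
        return -1;
    }
    return fd;  /* keep using fd; the path is only valid as of the check */
}
```

When dir_entries_replaceable reports 1 for the parent directory, the swap check is only a point-in-time detection, so the caller should do all further I/O through the returned descriptor.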