SM> A while ago, the use of libpam-tmpdir was suggested in order to mitigate SM> some of these attacks. It would be nice to see it in use by default, some SM> day.
SM> Obviously there will always be some programs that don't look at the SM> TMPDIR environment variable and directly use /tmp. write file to /tmp/filename == write file to $TMPDIR/filename both cases are security holes if TMPDIR=/tmp :) -- ... mpd is off . ''`. Dmitry E. Oboukhov : :’ : [EMAIL PROTECTED] `. `~’ GPGKey: 1024D / F8E26537 2006-11-21 `- 1B23 D4F8 8EC0 D902 0555 E438 AB8C 00CF F8E2 6537
signature.asc
Description: Digital signature
