On Sun, 25 Mar 2007, Henrique de Moraes Holschuh wrote:
> want it for.  It is the only failure-proof way to make sure temporary files
> cannot be attacked from outside, and also that they will disappear if the

Err, there is a lot of "provided that <foo doesn't happen>" stuff in the
"cannot be attacked from the outside".  I should make that clear.

Some of them I can recall immediately are:

1. Before you unlink the file, it can be attacked.  Too bad we don't have a
"create an unlinked file" operation (do we?), it is often what you want to
do so that you can have backing store other than swap space...

2. After you unlink the file, that pesky /proc filesystem will still have a
link to it for all processes in the same namespace as the process that
created the file, and the file can be attacked through that link.

-- 
  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique Holschuh
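
An added example, not part of the original message: a C sketch of both points on Linux. It assumes /proc is mounted and /tmp is writable; the helper names are hypothetical, and `O_TMPFILE` (Linux 3.11 and later, so newer than this 2007 message) is the kernel's "create an unlinked file" operation, with the mkstemp()/unlink() sequence kept as the fallback.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE                     /* exposes O_TMPFILE on glibc */
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Return an fd for a file in dir that has no name (hypothetical helper). */
int open_nameless_tmp(const char *dir) {
#ifdef O_TMPFILE
    /* Point 1 avoided: never named. O_EXCL forbids naming it later via linkat(). */
    int fd = open(dir, O_TMPFILE | O_RDWR | O_EXCL, 0600);
    if (fd >= 0) return fd;
#endif
    /* Fallback when the libc or filesystem lacks O_TMPFILE. */
    char path[4096];
    snprintf(path, sizeof path, "%s/nameless-demo-XXXXXX", dir); /* constructed name */
    int tfd = mkstemp(path);            /* mode 0600; the name exists from here... */
    if (tfd >= 0 && unlink(path) != 0) { close(tfd); return -1; } /* ...to here */
    return tfd;
}

/* Link count of the open file: 0 means no directory entry refers to it. */
long link_count(int fd) {
    struct stat st;
    return fstat(fd, &st) == 0 ? (long)st.st_nlink : -1;
}

/* Point 2: 1 if /proc/self/fd/N reopens the same inode, 0 if not, -1 on error. */
int reachable_via_proc(int fd) {
    char link[64];
    struct stat a, b;
    snprintf(link, sizeof link, "/proc/self/fd/%d", fd);
    int fd2 = open(link, O_RDWR);       /* a fresh open of the nameless file */
    if (fd2 < 0) return -1;
    int same = fstat(fd, &a) == 0 && fstat(fd2, &b) == 0 &&
               a.st_dev == b.st_dev && a.st_ino == b.st_ino;
    close(fd2);
    return same;
}

int main(void) {
    int fd = open_nameless_tmp("/tmp");
    if (fd < 0) { perror("open_nameless_tmp"); return 1; }
    printf("links=%ld reachable_via_proc=%d\n", link_count(fd), reachable_via_proc(fd));
    return 0;
}
```

The reopen through /proc is a new open() and is checked against the file's own mode, so the 0600 permissions still matter after the name is gone.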

