lynx-dev
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: LYNX-DEV fotemods.zip update


From: Foteos Macrides
Subject: Re: LYNX-DEV fotemods.zip update
Date: Wed, 21 May 1997 17:51:51 -0500 (EST)

Greg Marr <address@hidden> wrote:
>At 11:09 AM 5/21/97 -0500, Foteos Macrides wrote:
>>      As far as "privacy" issues associated with the Unix /tmp
>>design are concerned, even systems which now have the "sticky bit"
>>feature typically don't use it.  I've yet to get on a Unix system
>>in which I couldn't read any file in the /tmp tree, and there was
>>no need for spoofing via links to do it. :) :)
>
>As I understand the "Unix /tmp design", the sticky bit has nothing to do
>with whether or not you could read the files, but whether or not you could
>delete them.  /tmp usually has drwxrwxrwt permissions, which means that
>anybody can write to the directory, anybody can read it, but people can
>only delete files they own.  The privacy aspect is enforced by the files
>and subdirectories not having world-read access.  Is there some other
>aspect of the sticky bit that I am unaware of?

        OK.  I've never seen the sticky bit feature actually used, and
apparently read in additional things that are needed.

        In general, if one could count on Unix sites creating a series
of /tmp/$USER directories for each account the system supports, and to
set thing up so that files created in them are both secure and private,
then TEMP_SPACE could be defined to that, and Lynx could translate the
$USER via a getenv("USER"), homologously to what it does for tildes,
and create /tmp/user/LPIDcountTMP.suffix temporary files that are both
secure and private for the Unix folks.

                                Fote

=========================================================================
 Foteos Macrides            Worcester Foundation for Biomedical Research
 address@hidden         222 Maple Avenue, Shrewsbury, MA 01545
=========================================================================
;
; To UNSUBSCRIBE:  Send a mail message to address@hidden
;                  with "unsubscribe lynx-dev" (without the
;                  quotation marks) on a line by itself.
;

reply via email to

[Prev in Thread] Current Thread [Next in Thread]