[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Bug#278283: insecure temporary file usage in gettextize and autopoin
From: |
Bruno Haible |
Subject: |
Re: Bug#278283: insecure temporary file usage in gettextize and autopoint (fwd) |
Date: |
Tue, 26 Oct 2004 19:56:53 +0200 |
User-agent: |
KMail/1.5 |
Thomas Dickey wrote:
> > is to make filename sit in a temporary directory under /tmp, not directly
> > in /tmp ?
>
> For the truly paranoid, even that is not sufficient.
Why? The creation of the temp directory cannot erase a file, and once the
directory is created with mode 077, an attacker cannot place a symlink into
it. What kind of attack is still possible with a temp directory with mode 077?
Can you please explain?
Bruno
- Bug#278283: insecure temporary file usage in gettextize and autopoint (fwd), Santiago Vila, 2004/10/25
- Re: Bug#278283: insecure temporary file usage in gettextize and autopoint (fwd), Paul Jarc, 2004/10/26
- Re: Bug#278283: insecure temporary file usage in gettextize and autopoint (fwd), Alexandre Duret-Lutz, 2004/10/26
- Re: Bug#278283: insecure temporary file usage in gettextize and autopoint (fwd), Bruno Haible, 2004/10/26
- Re: Bug#278283: insecure temporary file usage in gettextize and autopoint (fwd), Paul Eggert, 2004/10/26