[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: many packages write to `temporary-file-directory' insecurely

From: Andreas Schwab
Subject: Re: many packages write to `temporary-file-directory' insecurely
Date: Tue, 05 Mar 2002 11:20:00 +0100
User-agent: Gnus/5.090005 (Oort Gnus v0.05) Emacs/21.2.50 (ia64-suse-linux)

Richard Stallman <address@hidden> writes:

|> If /var/games is treated just like /tmp, meaning anyone can create a
|> file in it, then it will raise the same security issues as /tmp.  We
|> could perhaps use the code that Al Petrovsky sent, if that is correct.

The convention for /var/games is that it is writable for a special group
(game) only, and any program wanting to have access to it must be setgid


Andreas Schwab, SuSE Labs, address@hidden
SuSE GmbH, Deutschherrnstr. 15-19, D-90429 N├╝rnberg
Key fingerprint = 58CA 54C7 6D53 942B 1756  01D3 44D5 214B 8276 4ED5
"And now for something completely different."

reply via email to

[Prev in Thread] Current Thread [Next in Thread]