Recent Features
| |||||||||||||
'Drug cocktail' to fix /tmp bugs'Drug cocktail' to fix /tmp bugsPosted Dec 19, 2011 13:54 UTC (Mon) by incase (subscriber, #37115)In reply to: 'Drug cocktail' to fix /tmp bugs by epa Parent article: Fixing the symlink race problem
@epa:
Actually, fixing all of Debian (I take that as a synonym for "fixing all the software you can find") still does make sense even if the Linux kernel "fixes" this issue: There are still heaps of other Unix systems that might be affected by the same insecure temporary file handling problem, there are lots of systems running older kernels but sometimes (manually compiled) newer applications,.... So in either case, I think the kernel should take measures appropriate to mitigate this attack vector, while applications should be fixed to use more secure access patterns to avoid this problem (both on Linux and on other potentially affected systems).
(Log in to post comments)
'Drug cocktail' to fix /tmp bugs Posted Dec 20, 2011 10:10 UTC (Tue) by epa (subscriber, #39769) [Link]
I thoroughly agree: fix the kernel *and* fix the applications. That's what I intended to say in the earlier post.
But even if for some reason you can't fix the applications, fix the kernel anyway!
|
|||||||||||||