User: Password:
Subscribe / Log in / New account

/tmp link fixes

/tmp link fixes

Posted Aug 9, 2012 10:35 UTC (Thu) by epa (subscriber, #39769)
Parent article: The conclusion of the 3.6 merge window

The restrictions on soft and hard links are long overdue. This will eliminate hordes of vulnerabilities - perhaps 20%. Unfortunately a denial-of-service attack is still possible against software which uses predictable filenames in /tmp.

Clashes of filenames are the primary reason why directories exist; each user or each program doesn't have to worry about picking a globally unique filename because it can have its own directory isolated from the others. It's a pity this lesson, otherwise widely followed in the Unix design, was ignored when it came to picking a place for temporary files. Per-user temp directories would go further still to fixing these bugs. Yes, every single program can jump through hoops to pick a unique filename and retry if necessary; but why should it have to, when directories have already been invented?

(Log in to post comments)

/tmp link fixes

Posted Aug 10, 2012 7:48 UTC (Fri) by jezuch (subscriber, #52988) [Link]

> Per-user temp directories would go further still to fixing these bugs.

Per-process temporary directories would go even further. Are there any corner cases that make it impossible that were discussed even before I was born? ;)

/tmp link fixes

Posted Aug 13, 2012 11:46 UTC (Mon) by epa (subscriber, #39769) [Link]

Strictly per-process wouldn't work for the common case of saving a temporary file to be used by an external program.

Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds