> > Sometimes (well, frequently), programs that create temporary
> > files let the filename depend on their PID. A hacker could use
> > that knowledge. So if you know that the application that
>
> Still can if it's random. The attacker can be the one who exec's the
> vulnerable app. The attacker can use dnotify
>
> > things it's not supposed to. Like forcing suid apps to create
> > a file in the startup-scripts dir, or something.
>
> Just use namespaces and give every login their own /tmp
Use namespaces? I thought export TMPDIR= was the solution ;-).
Pavel
-- When do you have heart between your knees?
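
The temporary-file problem discussed in this mail, seen from the application side, as an added example that is not part of the original message: a PID-derived name is only safe if creation is exclusive, and `mkstemp()` in a per-user directory avoids the guessable name altogether. The function names, the `app.` prefix and the scratch directory are assumptions made for the illustration.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Guessable name of the kind discussed above: <dir>/app.<pid>. O_EXCL makes
 * creation fail with EEXIST if a file or symlink was planted there first. */
int open_pid_named_excl(const char *dir, char *path, size_t len)
{
    snprintf(path, len, "%s/app.%ld", dir, (long)getpid());
    return open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

/* Preferred: mkstemp() picks an unpredictable name and creates it with
 * O_EXCL, mode 0600. dir == NULL means $TMPDIR, else /tmp (a set-uid
 * program should not trust TMPDIR from its caller). */
int open_private_temp(const char *dir, char *path, size_t len)
{
    if (dir == NULL)
        dir = getenv("TMPDIR");
    if (dir == NULL || *dir == '\0')
        dir = "/tmp";
    if ((size_t)snprintf(path, len, "%s/app.XXXXXX", dir) >= len)
        return -1;
    return mkstemp(path);
}

/* Constructed scenario: a dangling symlink sits at the guessable name.
 * Returns 0 if the exclusive open refused it and mkstemp() gave a 0600 file. */
int demo(void)
{
    char dir[] = "/tmp/tmpdemo.XXXXXX", guess[128], path[128], priv[128];
    struct stat st;
    int fd, refused, ok;
    if (mkdtemp(dir) == NULL) return -1;
    snprintf(guess, sizeof guess, "%s/app.%ld", dir, (long)getpid());
    if (symlink("/nonexistent/planted-target", guess) != 0) return -1;
    fd = open_pid_named_excl(dir, path, sizeof path);
    refused = (fd == -1 && errno == EEXIST);
    if (fd != -1) close(fd);
    fd = open_private_temp(dir, priv, sizeof priv);
    ok = fd != -1 && fstat(fd, &st) == 0 && S_ISREG(st.st_mode)
         && (st.st_mode & 0777) == 0600;
    if (fd != -1) { close(fd); unlink(priv); }
    unlink(guess);
    rmdir(dir);
    return (refused && ok) ? 0 : 1;
}
int main(void) { return demo(); }
```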