Re: random PID patch

Pavel Machek (pavel@ucw.cz)
Tue, 12 Nov 2002 18:42:08 +0100


Hi!

> > Sometimes, (well; frequently) programs that create temporary
> > files let the filename depend on their PID. A hacker could use
> > that knowledge. So if you know that the application that
>
> Still can if its random. The attacker can be the one who exec's the
> vulnerable app. The attacker can use dnotify
>
> > things it's not supposed to. Like forcing suid apps to create
> > a file in the startup-scripts dir. or something.
>
> Just use namespaces and give every login their own /tmp

Use namespaces? I thought export TMPDIR= was the solution ;-).

Pavel

-- 
When do you have heart between your knees?
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/