[Radiance-dev] Security issue - Insecure use of files in /tmp
Randolph Fritz
rfritz at u.washington.edu
Thu Aug 14 06:11:22 PDT 2008
On Thu, 14 Aug 2008, Bernd Zeimetz wrote:
> Randolph Fritz wrote:
>> I don't understand the reasoning, here. Unless you're running Security-Enhanced Linux, if an "evil person" has an account on your system, system security is toast anyway--as the implementation of mktemp(3) (among many other features) shows, Unix was never designed to be secure against a determined attack by a malicious user.
>
> These times are gone.... and gcc warns about the use of mktemp these
> days. Even for an evil user it should not be possible to mess with
> anything but his own account....
>
But it's going to be possible, even if this particular thing is changed. Is this really more of a risk than a hundred other exploits? Or just one particular one that's been closed off? I'd hate to see Linux start running on Schneier's patch treadmill.
More information about the Radiance-dev
mailing list