[Radiance-dev] Security issue - Insecure use of files in /tmp
Randolph Fritz
rfritz at u.washington.edu
Fri Aug 15 11:55:02 PDT 2008
On Thu, 14 Aug 2008, Bernd Zeimetz wrote:
> Randolph Fritz wrote:
>> On Thu, 14 Aug 2008, Bernd Zeimetz wrote:
>> But it's going to be possible, even if this particular thing is
>> changed. Is this really more of a risk than a hundred other exploits?
>> Or just one particular one that's been closed off? I'd hate to see
>> Linux start running on Schneier's patch treadmill.
>
> So which other exploit (which is as trivial as abusing /tmp) do you know?
>
Denial of service by gobbling system resources. It strikes me that this particular security measure is more useful in transaction-processing environments, where I agree it has some value. That is not, however, a very common use of Radiance components.
Randolph
More information about the Radiance-dev
mailing list