[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: creating backups in temporary directories
From: |
David Kastrup |
Subject: |
Re: creating backups in temporary directories |
Date: |
Sun, 09 Sep 2007 21:45:12 +0200 |
User-agent: |
Gnus/5.11 (Gnus v5.11) Emacs/22.1.50 (gnu/linux) |
Stefan Monnier <address@hidden> writes:
>> Worse yet: creating backup files in /tmp would be a security hole:
>> some other user seeing you're currently editing /tmp/foo could create
>> a symlink /tmp/foo~ to some interesting place and then when you save your
>> file the backup could be placed at that interesting place chosen by
>> the attacker.
>
>> Is that equally true for any directory that others can write?
>
> Yes.
Well, there is sort of a difference: /tmp and similar are
world-writable because of technical reasons. Other directories might
be accessible to more than one person (usually group-accessible)
creating an explicit location for cooperation. So malicious attacks
are not as much anticipated there, also because they are not generally
available (/tmp and /var/tmp are on pretty much every system).
--
David Kastrup, Kriemhildstr. 15, 44793 Bochum
- Re: creating backups in temporary directories, (continued)
- Re: creating backups in temporary directories, Richard Stallman, 2007/09/09
- Re: creating backups in temporary directories, Stefan Monnier, 2007/09/09
- Re: creating backups in temporary directories, Davis Herring, 2007/09/07
- Re: creating backups in temporary directories, Chris Moore, 2007/09/08
- Re: creating backups in temporary directories, Richard Stallman, 2007/09/08
- Re: creating backups in temporary directories, Stefan Monnier, 2007/09/09
- Re: creating backups in temporary directories,
David Kastrup <=
- Re: creating backups in temporary directories, Richard Stallman, 2007/09/09