From mboxrd@z Thu Jan  1 00:00:00 1970
From: Skip Tavakkolian <skip.tavakkolian@gmail.com>
Content-Type: multipart/alternative;
	boundary=Apple-Mail-3D0ABF21-C73A-490B-BE65-4B1F3E1AE722
Content-Transfer-Encoding: 7bit
Mime-Version: 1.0 (1.0)
Message-Id: <A5F45619-2429-49EF-A6C3-52C66D28C7A0@gmail.com>
Date: Thu,  4 Dec 2014 19:20:53 -0800
References: <20141203234918.GA27533@free.fr>
	<CAOw7k5h7i8ka6xhLWqGccHRZoqt1ybb5MUAWSYth5_cR0=Q7LA@mail.gmail.com>
	<CAJQxxwm7ijEdjSUf73yCcUFS-nRwss1=MfK01+XJpAjQ_+2zdQ@mail.gmail.com>
In-Reply-To: <CAJQxxwm7ijEdjSUf73yCcUFS-nRwss1=MfK01+XJpAjQ_+2zdQ@mail.gmail.com>
To: Fans of the OS Plan 9 from Bell Labs <9fans@9fans.net>
Subject: Re: [9fans] Debian bug 737206 - rc shell uses insecurely /tmp
Topicbox-Message-UUID: 33b9d1a0-ead9-11e9-9d60-3106f5b1d025


--Apple-Mail-3D0ABF21-C73A-490B-BE65-4B1F3E1AE722
Content-Type: text/plain;
	charset=utf-8
Content-Transfer-Encoding: quoted-printable

+1 =F0=9F=98=84


> On Dec 4, 2014, at 7:08 PM, Bruce Ellis <bruce.ellis@gmail.com> wrote:
>=20
> Don't these people have better things to do than finding non-bugs in syste=
ms they don't understand?
>=20
> brucee
>=20
>> On 5 December 2014 at 13:33, Charles Forsyth <charles.forsyth@gmail.com> w=
rote:
>>=20
>>> On Wed, Dec 3, 2014 at 11:49 PM, St=C3=A9phane Aulery <saulery@free.fr> w=
rote:
>>> discovered that rc
>>>    creates temporary files in an insecure way:
>>=20
>> rc was built for a system that made /tmp secure by not sharing it (it's a=
lways private to a user and even sometimes to a set of processes).
>> That way not every app has to try to help sustain the pretence that a sha=
red /tmp can really be secured (+s bits, EXCL create, etc..)
>> Obviously the version for Unix will have to change its generation scheme t=
o fit in.
>=20

--Apple-Mail-3D0ABF21-C73A-490B-BE65-4B1F3E1AE722
Content-Type: text/html;
	charset=utf-8
Content-Transfer-Encoding: quoted-printable

<html><head><meta http-equiv=3D"content-type" content=3D"text/html; charset=3D=
utf-8"></head><body dir=3D"auto"><div>+1 =F0=9F=98=84<br><br></div><div><br>=
On Dec 4, 2014, at 7:08 PM, Bruce Ellis &lt;<a href=3D"mailto:bruce.ellis@gm=
ail.com">bruce.ellis@gmail.com</a>&gt; wrote:<br><br></div><blockquote type=3D=
"cite"><div><div dir=3D"ltr">Don't these people have better things to do tha=
n finding non-bugs in systems they don't understand?<div><br></div><div>bruc=
ee</div></div><div class=3D"gmail_extra"><br><div class=3D"gmail_quote">On 5=
 December 2014 at 13:33, Charles Forsyth <span dir=3D"ltr">&lt;<a href=3D"ma=
ilto:charles.forsyth@gmail.com" target=3D"_blank">charles.forsyth@gmail.com<=
/a>&gt;</span> wrote:<br><blockquote class=3D"gmail_quote" style=3D"margin:0=
 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir=3D"ltr"><div=
 class=3D"gmail_extra"><span class=3D""><br><div class=3D"gmail_quote">On We=
d, Dec 3, 2014 at 11:49 PM, St=C3=A9phane Aulery <span dir=3D"ltr">&lt;<a hr=
ef=3D"mailto:saulery@free.fr" target=3D"_blank">saulery@free.fr</a>&gt;</spa=
n> wrote:<br><blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;bo=
rder-left:1px #ccc solid;padding-left:1ex"><div style=3D"overflow:hidden"> d=
iscovered that rc<br>
&nbsp; &nbsp;creates temporary files in an insecure way:</div></blockquote><=
/div><br></span>rc was built for a system that made /tmp secure by not shari=
ng it (it's always private to a user and even sometimes to a set of processe=
s).</div><div class=3D"gmail_extra">That way not every app has to try to hel=
p sustain the pretence that a shared /tmp can really be secured (+s bits, EX=
CL create, etc..)</div><div class=3D"gmail_extra">Obviously the version for U=
nix will have to change its generation scheme to fit in.</div></div>
</blockquote></div><br></div>
</div></blockquote></body></html>=

--Apple-Mail-3D0ABF21-C73A-490B-BE65-4B1F3E1AE722--