From mboxrd@z Thu Jan 1 00:00:00 1970
MIME-Version: 1.0
In-Reply-To: <20141203234918.GA27533@free.fr>
References: <20141203234918.GA27533@free.fr>
Date: Fri, 5 Dec 2014 02:33:20 +0000
Subject: Re: [9fans] Debian bug 737206 - rc shell uses insecurely /tmp
From: Charles Forsyth
To: Fans of the OS Plan 9 from Bell Labs <9fans@9fans.net>
Cc: Russ Cox, anselm@garbe.us, 9trouble@plan9.bell-labs.com
Topicbox-Message-UUID: 339da430-ead9-11e9-9d60-3106f5b1d025

On Wed, Dec 3, 2014 at 11:49 PM, Stéphane Aulery wrote:

> discovered that rc
> creates temporary files in an insecure way:

rc was built for a system that made /tmp secure by not sharing it (it's always private to a user and even sometimes to a set of processes). That way not every app has to try to help sustain the pretence that a shared /tmp can really be secured (+s bits, EXCL create, etc..)

Obviously the version for Unix will have to change its generation scheme to fit in.

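The difference between a guessable temporary name and an "EXCL create" on a Unix-style shared /tmp, as an added example that is not part of the original message and not taken from rc's source. The scratch directory, the name `rc.1234` and all function names are hypothetical; the demo works only inside a directory it creates itself.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L /* mkdtemp, mkstemp, symlink */
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Only safe when /tmp is private: guessable name, no O_EXCL, follows links. */
int open_tmp_predictable(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0666);
}

/* For a shared /tmp: fails if the name exists; never follows a final symlink. */
int open_tmp_excl(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

/* Tries both opens on a name already occupied by a symlink. Result bits:
 * 1 = predictable open truncated the link target, 2 = O_EXCL open refused
 * with EEXIST, 4 = mkstemp() produced a mode-0600 file. -1 on setup error. */
int demo(void) {
    char dir[] = "/tmp/tmpdemoXXXXXX";  /* constructed scratch directory */
    char victim[64], guess[64], safe[64];
    struct stat st;
    int fd, result = 0;
    if (mkdtemp(dir) == NULL) return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(guess, sizeof guess, "%s/rc.1234", dir);  /* hypothetical name */
    snprintf(safe, sizeof safe, "%s/rc.XXXXXX", dir);
    fd = open(victim, O_WRONLY | O_CREAT, 0600);
    if (fd < 0 || write(fd, "keep", 4) != 4) return -1;
    close(fd);
    if (symlink(victim, guess) != 0) return -1;
    fd = open_tmp_predictable(guess);   /* follows the link to victim */
    if (fd >= 0) close(fd);
    if (stat(victim, &st) == 0 && st.st_size == 0) result |= 1;
    fd = open_tmp_excl(guess);
    if (fd < 0 && errno == EEXIST) result |= 2;
    if (fd >= 0) close(fd);
    fd = mkstemp(safe);                 /* random name, O_EXCL, mode 0600 */
    if (fd >= 0 && fstat(fd, &st) == 0 && (st.st_mode & 0777) == 0600) result |= 4;
    if (fd >= 0) close(fd);
    unlink(safe); unlink(guess); unlink(victim); rmdir(dir);
    return result;
}
int main(void) { printf("demo() = %d\n", demo()); return 0; }
```

On a per-user /tmp of the kind the message describes, nothing can be pre-planted at the guessed name, which is why the first pattern was acceptable there.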