9fans - fans of the OS Plan 9 from Bell Labs
From: Charles Forsyth <charles.forsyth@gmail.com>
To: Fans of the OS Plan 9 from Bell Labs <9fans@9fans.net>
Subject: Re: [9fans] Debian bug 737206 - rc shell uses insecurely /tmp
Date: Sat,  6 Dec 2014 18:29:52 +0000
Message-ID: <CAOw7k5hu7BeNzN27_Qe8wAbAXGZ6T2_b5YHuM91ULv3D7OAE_Q@mail.gmail.com>
In-Reply-To: <808ad70d8182ed0f98a57281445d60f3@proxima.alt.za>


On Sat, Dec 6, 2014 at 5:22 AM, <lucio@proxima.alt.za> wrote:

> 40 years on, you'd think someone would deal with it.


The point I was trying to make is that it was realised early on (e.g., when
time-sharing at universities) that a shared /tmp was a problem. Hacks such
as +s or special schemes for allocating files don't really address the
problem.

Now look at that number: 40. Four decades. During that time there has been
any amount of foolish crud added to this or that kernel, distribution,
graphics subsystem, standards, ... but instead of fixing it after 40 years,
we get notes explaining that it's the application's business, in this case
the shell, or perhaps the underlying library, to try to address "security
issues" instead of fixing it, once for all.
After 40 years (more than a generation).
