From mboxrd@z Thu Jan 1 00:00:00 1970
MIME-Version: 1.0
In-Reply-To: <808ad70d8182ed0f98a57281445d60f3@proxima.alt.za>
References: <808ad70d8182ed0f98a57281445d60f3@proxima.alt.za>
Date: Sat, 6 Dec 2014 18:29:52 +0000
Message-ID:
From: Charles Forsyth
To: Fans of the OS Plan 9 from Bell Labs <9fans@9fans.net>
Subject: Re: [9fans] Debian bug 737206 - rc shell uses insecurely /tmp
Topicbox-Message-UUID: 352e13f2-ead9-11e9-9d60-3106f5b1d025

On Sat, Dec 6, 2014 at 5:22 AM, <lucio@proxima.alt.za> wrote:
> 40 years on, you'd think someone would deal with it.

The point I was trying to make is that it was realised early on (eg, when
time-sharing at universities) that a shared /tmp was a problem. Hacks such
as +s or special schemes for allocating files don't really address the
problem.

Now look at that number: 40. Four decades. During that time there has been
any amount of foolish crud added to this or that kernel, distribution,
graphics subsystem, standards, ... but instead of fixing it after 40 years,
we get notes explaining that it's the application's business, in this case
the shell, or perhaps the underlying library, to try to address "security
issues" instead of fixing it, once for all.

After 40 years (more than a generation).
