Techly NewsGet the app

Get the latest tech news

Against /tmp


I commented on Lobsters that /tmp is usually a bad idea, which caused some surprise. I suppose /tmp security bugs were common in the 1990s when I was learning Unix, but they are pretty rare now so I can see why less grizzled hackers might not be familiar with the problems.

There’s a ton of complexity at all levels of unix (filesystems, kernel APIs, libc, shell, admin scripts) that only exists as a workaround for the dangers caused by making/tmp shared. These scripts tended to have problems with time-of-check / time-of-use vulnerabilities, careless handling of symlinks, and pulling the rug out from under long-running programs that foolishly used/tmp. The fix, way back when, should have been for login(8) to create a per-user temporary directory in a sensible place before it drops privilege, and set$TMPDIR so the user’s shell and child processes can find it.

Get the Android app

Or read this on Hacker News

« Insta360’s GoPro competitor now has a bigger screen and improved 8K capabilities
Developer pockets $2M in savings from going cloud-free »