
Against /tmp

(dotat.at)
257 points todsacerdoti | 1 comments
josephcsible No.41914801
If you're opening with O_CREAT|O_EXCL, why does it matter whether the filename is predictable?
replies(3): >>41914941 #>>41915153 #>>41919231 #
1. cryptonector No.41919231
As u/fanf says, denial of service. The canonical example here would be `/tmp/krb5cc_$UID`, which is where Kerberos libraries keep your Kerberos credentials. If you create that for some other user's UID before they log in, they won't be able to use Kerberos (unless they have a clue), causing support calls. This isn't really an issue, but still.

And of course those libraries' code that uses those files had to be written very carefully.

Sure, the more modern thing is to have a daemon called `kcm` that does that and which has an AF_LOCAL socket in... /var/run/, but it's a multi-user-capable daemon, so it doesn't need /var/run/user/${UID}, which as I've noted elsewhere here, is not universally available (for the same reasons that /run/user/${UID} is not either).
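
Added example, not part of the comment above and not code from any Kerberos library: a sketch of the kind of care a predictable name in a shared sticky directory requires, showing that `O_CREAT|O_EXCL` closes the symlink race while a pre-created file still has to be detected and refused. The helper name `open_cache` and the `/tmp/krb5cc_demo_<uid>` path are assumptions made for illustration.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* open_cache() is a hypothetical helper, not a Kerberos library function.
 * Returns an fd for a private cache file at a predictable path inside a
 * shared sticky directory, or -1 with errno set. */
int open_cache(const char *path)
{
    struct stat st;

    /* O_EXCL makes creation atomic and refuses a pre-existing symlink. */
    int fd = open(path, O_RDWR | O_CREAT | O_EXCL | O_NOFOLLOW | O_CLOEXEC, 0600);
    if (fd >= 0 || errno != EEXIST)
        return fd;

    /* The name is taken: ours from an earlier login, or created by another user. */
    fd = open(path, O_RDWR | O_NOFOLLOW | O_NONBLOCK | O_CLOEXEC);
    if (fd < 0)
        return -1;      /* ELOOP: symlink; EACCES: someone else's 0600 file */

    /* Validate the object actually opened (fstat on the fd, not the path). */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        st.st_uid != geteuid() || st.st_nlink != 1 || (st.st_mode & 077) != 0) {
        close(fd);
        errno = EPERM;  /* pre-created or tampered with: caller must use another name */
        return -1;
    }
    return fd;
}

int main(void)
{
    char path[64];
    /* Constructed demo name, deliberately not the real krb5cc_$UID. */
    snprintf(path, sizeof path, "/tmp/krb5cc_demo_%ld", (long)getuid());
    int fd = open_cache(path);
    if (fd < 0) { perror(path); return 1; }
    printf("using %s\n", path);
    close(fd);
    return 0;
}
```

Every `-1` here is the denial of service discussed in the thread: the file contents stay safe, but the caller cannot use the expected name and needs a fallback location.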