Re: world writeable files



Steve Fox wrote:

[drfickle tp drfickle]$ ls -al /tmp/
total 48
drwxrwxrwt   10 root     root         4096 Feb  7 23:55 ./
drwxr-xr-x   22 root     root         4096 Feb  1 13:32 ../
drwxrwxrwt    2 root     root         4096 Feb  7 18:44 .ICE-unix/
-r--r--r--    1 root     drfickle       11 Feb  7 18:44 .X0-lock
drwxrwxrwt    2 root     gdm          4096 Feb  7 18:44 .X11-unix/
drwxrwxrwx    2 drfickle drfickle     4096 Feb  7 18:44 .esd/

Someone pointed out to me offline that the gdm stuff is "relatively" safe due to the sticky bit set on the directory.

However the /tmp/.esd directory doesn't have this. Is this a valid concern? I know jack about secure programming so I'm hoping for some confirmation on this.

--

Steve Fox
http://k-lug.com





[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]