Re: [SLE] /tmp cleaning
From: Marcos Lazarini (lazarini_at_nics.unicamp.br)
Date: 11/18/04
- Previous message: Osho GG: "Re: [SLE] Where's Scribus?"
- In reply to: Hylton Conacher (ZR1HPC): "[SLE] /tmp cleaning"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Thu, 18 Nov 2004 19:19:24 -0200 To: "Hylton Conacher (ZR1HPC)" <hylton@global.co.za>
Hylton Conacher (ZR1HPC) wrote:
> Whilst reading through the list email, I decided it would be a good idea
> to clear out my own /tmp directory.
>
> Can I safely assume that as long as there is no one logged on, besides
> root to delete all the files in the /tmp directory, that I could safely
> use the command:
>
> #> rm -fr /tmp/* ??
A "good" point of view:
http://www.securityfocus.com/archive/1/304192/2002-12-18/2002-12-24/0
This message talks about vulnerabilities in a debian package (tmpwatch and
tmpreaper also) and/or with mkstemp(). The package's author thinks
differently; see a fragment:
"IMO there are a couple of things wrong about the points in the text, which
I could not resolve in discussion [...] For example, the text speaks of
"creation time"; I responded that there is no such thing in POSIX, only the
inode change time (which is also changed if you link the file, or rename it,
or change the permissions, or even when you delete it). I never got an
answer on that."
The complete answer was not sent to bugtrack, but you can read it inside the
package (108kb):
http://ftp.debian.org/debian/pool/main/t/tmpreaper/tmpreaper_1.6.5.tar.gz
the file is extracted as
tmpreaper-1.6.5\debian\README.security
-- Marcos Lazarini -- Check the headers for your unsubscription address For additional commands send e-mail to suse-linux-e-help@suse.com Also check the archives at http://lists.suse.com Please read the FAQs: suse-linux-e-faq@suse.com
- Previous message: Osho GG: "Re: [SLE] Where's Scribus?"
- In reply to: Hylton Conacher (ZR1HPC): "[SLE] /tmp cleaning"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Relevant Pages
|
|
