[Tilesathome] deleting temp folder (was Problem under windows again)
"Marc Schütz"
schuetzm at gmx.net
Fri Aug 22 10:48:11 BST 2008
> "Martijn van Oosterhout" <kleptog at gmail.com> writes:
>
> > On Thu, Aug 21, 2008 at 9:29 PM, "Marc Schütz" <schuetzm at gmx.net>
> wrote:
> >>> I wanted to call it Z_X_Y to make it easy for somebody trying to debug
> >>> things to find the data.
> >>
> >> You have to be careful if you use fixed or predictable names in /tmp to
> avoid symlink attacks.
> >
> > So don't use /tmp but some other directory that doesn't have
> > world-write permissions. Enfore that and you don't need to worry about
> > the names.
>
> You can also set the working folder's permissions to 700 and nobody
> can put a symlink inside.
Yes, but as the default working directory in tilesAtHome.conf.linux is "/tmp/", the client is unsafe by default. This should be fixed.
Regards, Marc
--
Psssst! Schon das coole Video vom GMX MultiMessenger gesehen?
Der Eine für Alle: http://www.gmx.net/de/go/messenger03
More information about the Tilesathome
mailing list