rawhide report: 20090523 changes
Till Maas
opensource at till.name
Tue May 26 17:12:06 UTC 2009
On Di Mai 26 2009, Bill Nottingham wrote:
> Kevin Kofler (kevin.kofler at chello.at) said:
> > Yet another insecure temporary file vulnerability. Why do we still not
> > polyinstantiate /tmp by default? We're wasting lots of time on security
> > measures which keep breaking apps such as SELinux, but simple things like
> > polyinstantiation are still not used, why? This code would be perfectly
> > safe if polyinstantiation was mandatory. Why are we stuck in the 1970s?
>
> ... send patches? It's techncially feasible, but no one's done the
> legwork to integrate it fully yet.
It is already done on the Fedorapeople server:
https://fedoraproject.org/wiki/Infrastructure/FedoraPeopleConfig#polyinstantiated_tempdirs
Regards
Till
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part.
URL: <http://listman.redhat.com/archives/fedora-devel-list/attachments/20090526/61c60be5/attachment.sig>
More information about the fedora-devel-list
mailing list