Search Mailing List Archives

Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[tcpcrypt-dev] [PATCH] avoid symlink attacks in

Daniel Kahn Gillmor dkg at
Wed Jul 23 09:40:15 PDT 2014

On 07/23/2014 11:50 AM, Andrea Bittau wrote:
> yeah it only seems to be used by the test script so it might not be
> the end of the world.
> i'm concerned with /run/ because i'm not sure how multiplatform it is.
> E.g., mac doesn't seem to have it.

hm, maybe check if /run exists, and use it where it does exist;
otherwise, maybe use ~root ?

It is bad form to use a world-writable directory with a predictable
filename (this would probably get a CVE if it was released this way).


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 949 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the tcpcrypt-dev mailing list