Re: which temp dir to use?
- Subject: Re: which temp dir to use?
- From: Michael Ash <email@hidden>
- Date: Mon, 25 May 2009 15:23:45 -0400
On Sun, May 24, 2009 at 7:57 PM, Greg Guerin <email@hidden> wrote:
> Michael Ash wrote:
>
>> Malevolent process C fails.
>
> Or maybe malevolent process C works because it's running with the same uid
> as unprivileged process A. The sticky-bit on a directory only prevents one
> uid from interfering with another uid's files. It has no effect if the uids
> of the processes are the same.

To put it bluntly: so what?

The UNIX security model fundamentally works at the user level, not the
process level. There is essentially nothing in place to protect one
process from attack by another.

If the adversary is able to run code under your user, then you have
already lost. He must be stopped before he gets that far. Trying to
protect your application from attack by another application running
under the same user is pointless.

Mike
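
The sticky-bit rule discussed in this thread, written out as a small permission check. This is an added example, not code from either poster; it is a simplified model of the kernel's decision (primary group only, no ACLs), and the uids 501/502, gid 20 and the helper names are constructed for illustration.

```c
#include <stdbool.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>

#ifndef S_ISVTX
#define S_ISVTX 01000 /* sticky bit, in case strict ISO C mode hides it */
#endif

/* Write + search permission on the directory for (uid, gid).
 * Simplified model: primary group only, no ACLs. */
static bool can_modify_dir(const struct stat *dir, uid_t uid, gid_t gid)
{
    mode_t need = (uid == dir->st_uid) ? (S_IWUSR | S_IXUSR)
                : (gid == dir->st_gid) ? (S_IWGRP | S_IXGRP)
                                       : (S_IWOTH | S_IXOTH);
    return uid == 0 || (dir->st_mode & need) == need;
}

/* May (uid, gid) unlink or rename `entry` inside `dir`? */
bool may_remove_entry(const struct stat *dir, const struct stat *entry,
                      uid_t uid, gid_t gid)
{
    if (!can_modify_dir(dir, uid, gid))
        return false;
    if (uid == 0 || !(dir->st_mode & S_ISVTX))
        return true; /* no sticky bit: directory write access is enough */
    /* Sticky: only the entry's owner or the directory's owner. */
    return uid == entry->st_uid || uid == dir->st_uid;
}

/* Constructed stat record for the demonstration (no filesystem access). */
static struct stat make_stat(mode_t mode, uid_t uid, gid_t gid)
{
    struct stat s = {0};
    s.st_mode = mode; s.st_uid = uid; s.st_gid = gid;
    return s;
}

int main(void)
{
    struct stat tmp = make_stat(01777, 0, 0);   /* mode bits like /tmp */
    struct stat file = make_stat(0600, 501, 20); /* file owned by uid 501 */
    printf("other uid may remove: %d, same uid may remove: %d\n",
           may_remove_entry(&tmp, &file, 502, 20),
           may_remove_entry(&tmp, &file, 501, 20));
    return 0;
}
```

The check never looks at which process is asking, only at its uid, which is the user-level granularity both posters are describing.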