predictable filenames problem

Tudor Hulubei (
Thu, 26 Feb 1998 14:17:25 -0500

On Thu, 26 February 1998, Miguel de Icaza wrote:
> In this specific case, the random PIDs will help make it harder to
> exploit a bunch of attacks on predictable filenames (all of our
> userland should be using mkstemp instead of mktemp eventually, just
> like OpenBSD).

On the predictable filenames issue: anyone considered having a system
call that creates a temporary file that doesn't have a directory entry
(just allocates an inode for it on the file system and returns a file
descriptor)? This will create a file that will start directly in the
state files normally are after the following sequence:

fd = open("/tmp/unique_file_name", ...);

but without the directory entry for /tmp/unique_file_name actually
being created. Of course, the system call will need the path
parameter in order to know on what file system the file should be

I am aware that:

1. No aplication will initialy use it (and even if they eventually
will, it's going to be Linux specific code).

2. It won't solve the problem for programs that use temporary files to
communicate with their children (gcc without -pipe).

Still, it might improve security on Linux.


To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to