Lennart Poettering <mzerqung(a)0pointer.de> writes:
> Well, that way attackers might still be able to fool the admin: i.e. he
> could create a directory with a service name and some randomized suffix
> and the admin might blindly believe that this directory belongs to the
> service, even if it doesn't, but belongs to the evil attacker. Using a
> fully randomized name is a bit more secure here, since the admin always
> needs to check the service first for the actual directory.

How about making a non-world-writable directory somewhere for this
purpose, with service-named directories beneath it?
That is yet another thing for sysadms to learn about of course, unless
it is placed in /tmp itself which creates some security problems
again...
/Benny