|
|
System sleep depending on login & logout
The following code must not be used where untrusted users have local access as it is a security risk. echo $1 > /tmp/login_$1.LOCK A malicious local attacker can simply create symbolic links in advance, then wait for the appropriate user to login: $ ln -s /mach.sym /tmp/login_john.LOCK Or automate the process for all users via scripting: #!/bin/sh To avoid this class of security problem, do not use shared /tmp directories if at all possible. Alternatives include creating a custom directory for exclusive use by login/logout scripts, writing to a database instead of the filesystem, or the mktemp command. mktemp uses a special system call to ensure exclusive access to files under /tmp. More information on secure temporary file handling.
System sleep depending on login & logout
A valid point to this security issue. In my case, the system is at home, so quite a secure environment. |
SearchFrom our Sponsor...Latest Mountain Lion HintsWhat's New:HintsNo new hintsComments last 2 daysNo new commentsLinks last 2 weeksNo recent new linksWhat's New in the Forums?
Hints by TopicNews from Macworld
From Our Sponsors |
|
Copyright © 2014 IDG Consumer & SMB (Privacy Policy) Contact Us All trademarks and copyrights on this page are owned by their respective owners. |
Visit other IDG sites: |
|
|
|
Created this page in 0.10 seconds |
|