Re: '... creates temporary files in an insecure manner.' Tutorial?

14 msg	ProFTPD still vulnerable (Sarge)
1 msg	Wannt new Proshe or BMW?
16 msg	Mass update deployment strategy
1 msg	Dolly wrote:
3 msg	texinfo update?
1 msg	Billy wrote:
3 msg	Unidentified subject!

'... creates temporary files in an insecure man...
\ s. keeling (21 Nov 2006)
. \ Sam Morris (21 Nov 2006)
. \ Javier Fernández-Sanguino Peña (23 Nov 2006)

1 msg	watch this stck go crazy c
1 msg	Primo sesso nella vtia qui
1 msg	more All admins access
1 msg	Is succumb go postwar
1 msg	UPDATE: Remote Root In Nvidia xserver Driver
2 msg	Bypassing allowed_users with PAM in sshd?
1 msg	Ëîãèñòèêà çàêóïîê
1 msg	Give us a call when you get a chance
9 msg	help needed
2 msg	Register
1 msg	º£¡ËÍâ¡ËÒÑ1400ÍòÈËÉùÃ÷ÍË¡Ë¡àµ³¡ËÍÅ£¬Ìì¡ËÃðÖÐ¡Ë¹...
6 msg	bind9 security problem?

Subject:	Re: '... creates temporary files in an insecure manner.' Tutorial?
Group:	Debian-security
From:	Javier Fernández-Sanguino Peña
Date:	23 Nov 2006

On Mon, Nov 20, 2006 at 09:33:14PM -0700, s. keeling wrote:
>
> I'm wondering whether there might be some "secure temporary file
> checklist" which should be part of the
> indoctrination<ESC><BackSpace>initiation phase for DDs?

Well, I tried to write some information for DDs in the "Securing Debian
Manual": Chapter 9 - Developer's Best Practices for OS Security
http://www.debian.org/doc/manuals/securing-debian-howto/ch9.en.html
and this year at Debconf 6:
- slides: http://people.debian.org/~jfs/debconf6/weeding_security_bugs.pdf
and (slides + examples) at:
http://meetings-archive.debian.net/pub/debian-meetings/2006/debconf6/slides/Weed ing_out_security_bugs-Javier_Fernandez_Sanguino/
- video: available at
http://meetings-archive.debian.net/pub/debian-meetings/2006/debconf6/

HTH

Javier