Bug #89043 for Message-Passing-ZeroMQ: predictable files in /tmp

Hi, I noticed your recent fix for ØMQ bug#140 changing to /tmp if ZMQ_SWAP is enabled. That makes me worry: does that mean ØMQ creates predictable files in a shared writable directory? If so, I'd say that's a bug: It is common practice to chdir to root dir before starting daemons - AFAIUI not only to ensure the path does not disappear while daemon is running, but also to ensure CWD is not writable - exactly to avoid surprise security weaknesses like this. Unless ØMQ only does a silly check for writability (i.e. does not actually write any files to CWD), I suggest to _not_ do a chdir, but instead do a check for write access on our own and fail with a human understandable error if not - hinting about the need for CWD to be writable (and recommending to use a _private_ writable dir if the system has any untrusted users. Regards, - Jonas -- * Jonas Smedegaard - idealist & Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ [x] quote me freely [ ] ask before reusing [ ] keep private