I just spot checked RHEL4 (based on Fedora Core 3) and Fedora 8. Ubuntu/Debian is probably the only Linux distro that does chmod 600 tmp file creation. Perhaps someone with MacOSX would like to run:Īnd report their results. That Apple can’t get this right is disgraceful, and rightly should make us wonder what other elementary blunders they are making elsewhere. I’ve just spot-checked my /tmp tree and there are no files with read or write permission for ‘other’. I just ran /bin/mktemp and it properly created a file in /tmp with 600 permissions. On my Ubuntu box my umask is the standard 0022. It’s hard to think of a time that a tmp file should be world readable.Ī temporary pipe or socket, perhaps, in some specific cases. I think that the actual problem here is the “If security is a concern” part. I would modify that to just “tmp files should not be created with the default umask but should be created with the most restrictive permissions possible”. If security is a concern, tmp files should not be created with the default umask but should be created with the most restrictive permissions possible unless explicitly specified otherwise. Maybe I’ll give Thunderbird a try when they finally release a more native-interface release version like Firefox 3 is.ĭoesn’t matter. If I was *really* concerned about security I’d also dump Mail.app in favor of Thunderbird or better yet Mutt or the like, but Mail.app is such a good mail program to use in Leopard that I can’t bear to be without it’s usability.
JAVA MAC OS 10.5.8 UPDATE
I also run a program that scans versiontracker to see if my programs are up to date, as well of course as regularly running Apple Update for important things like Quicktime, Safari (even if you don’t use Safari, quite a few other programs do! The situation’s not as crazy as IE on Windows, but a lot of programs do use WebKit to display HTML and the like as well as the Dashboard, etc…) and the OS updates. (Which does more than just selectively filter javascript domains.) What I do is harden my system as much as possible, by running an ipfw firewall (you can use a graphical front end to it like NoobProof or Waterroof) and little snitch, and using Firefox with the NoScript plug-in rather than Safari. Even on Windows, signature-based virus scanning is not very effective anymore even where viruses are a threat. I don’t actually run an antivirus, viruses per-se aren’t the main malware vector for Macs and they take up a lot of resources. By now, the Mac OS has a large enough market share to be vulnerable. When I used BeOS, I had “security through obscurity” because the common “teenager hacking software” doesn’t understand BeOS.
JAVA MAC OS 10.5.8 INSTALL
I’m the only one who’s touching my own MacBook but just to be safe I did install iAntiVirus and MacScan.