> I'd have thought that having /tmp mode 1777, using tempnam() > to get the file name, and creating this file in mode 0600 would be > sufficient. It's not. Since /tmp is world-readable, anyone can determine what the actual file name is, so generating random names does not help. Since /tmp is world-writeable, if the sticky bit is not set, then anyone can remove the file (and replace it with one of their own) no matter what the permissions on the file were. If the program is coded so that it closes and re-opens the file later, which of course it does in this case since it contains cache data that is saved between invocations of the program, you can feed the program bogus data this way. The program can be coded to check when it re-opens the file to make sure it's still the same owner and permissions that it was before, but that kind of fix has to be made in every single program that uses temp cache files. The only generic fix is to set the sticky bit in the tmp directory, which prevents anyone from removing (and replacing) files they don't own. --Greg