[1273] in linux-security and linux-alert archive
Re: [linux-security] Re: t bit and symlinks patch
daemon@ATHENA.MIT.EDU (Rogier Wolff)
Sat Oct 26 09:47:01 1996
To: linux-security@tarsier.cv.nrao.edu
Date: Sat, 26 Oct 1996 11:41:49 +0200 (MET DST)
From: R.E.Wolff@BitWizard.nl (Rogier Wolff)
Some people are arguing that "this shows how many programmers are
still not aware of the /tmp security issues." (Marek Michalkiewicz
<marekm@i17linuxb.ists.pwr.wroc.pl>).
I think that this is wrong. The reason that I like Unix operating
systems is that things are nicely divided up. As a normal user, I
cannot really mess up the system.
When I write a simple application, I don't have to think about
preventing the user of my program from writing to files he doesn't have
access to. The OS does that for me. That's what it's for. If I write
an application that is going to need a setuid bit, I KNOW I am getting
into a big mess of security issues. Then it is my responsibility to do
it well.
So to keep with the Unix philosophy "what should be simple actually is",
the system should provide sufficient security for the standard use of
/tmp.
If the suggested fix by Andrew can be made watertight, it could be
sufficient.
Another way would be to make context sensitive symlinks. (Anybody
remember Domain-OS?). This would allow you to make /tmp a symlink to
$HOME/tmp . There are many more interesting uses of this feature...
Any volunteers? :-)
Roger.