[1699] in linux-security and linux-alert archive
[linux-security] Re: Towards a solution of tmp-file problems.
daemon@ATHENA.MIT.EDU (Olaf Kirch)
Wed Mar 11 08:18:40 1998
To: linux-security@redhat.com
In-Reply-To: Your message of "Mon, 09 Mar 1998 10:59:10 +0100."
<199803090959.KAA01271@cave.BitWizard.nl>
Date: Wed, 11 Mar 1998 10:50:36 +0100
From: Olaf Kirch <okir@monad.swb.de>
Resent-From: linux-security@redhat.com
Reply-To: linux-security@redhat.com
On Mon, 09 Mar 1998 10:59:10 +0100, Rogier Wolff wrote:
> How about allowing symlinks with "variable expansion"? A /tmp that is
> a symlink to /.tmp/$euid would do the trick. The kernel should
> maintain a small set of these variables (euid, uid, pid) without
> user-intervention. A general way of adding these variables on a
> per-process basis would make this a much more general feature.
AFAIK, there was a patch by Thomas Schoebel-Theuer in some 2.1.x
kernels that did somethng like this. I think it was removed again
later, though.
Also, I put some experimental stuff into unfsd a while back that would
expand special tokens in a file name, including the uid (obtained from
the client credentials). The setup for a `secure' /tmp directory would
involve a loopback NFS mount similar to amd's. The details can be
found in a README file in the source distribution. However in the end
I figured this kind of trick is too complicated and kludgy and didn't
pursue it any further.
My preferred approach to solving /tmp races is to fix these in the
source. A promising first step in that direction might be a patched libc
that checks for potentially dangerous uses of /tmp files, and use that
for >6 months on a variety of systems and see what pops up. This is no
substitute for an audit, but since no-one seems to find the time, it
appears a reasonable compromise. Had we done this earlier, the problems
with sort and perl would have been discovered long ago.
Olaf
--
Olaf Kirch | --- o --- Nous sommes du soleil we love when we play
okir@monad.swb.de | / | \ sol.dhoop.naytheet.ah kin.ir.samse.qurax
For my PGP public key, finger okir@brewhq.swb.de.
--
----------------------------------------------------------------------
Please refer to the information about this list as well as general
information about Linux security at http://www.aoy.com/Linux/Security.
----------------------------------------------------------------------
To unsubscribe: mail -s unsubscribe test-list-request@redhat.com < /dev/null