[1716] in linux-security and linux-alert archive
[linux-security] Re: Re: Re: Re: Re: Towards a solution of tmp-file
daemon@ATHENA.MIT.EDU (Nick Andrew)
Fri Mar 13 07:22:19 1998
From: Nick Andrew <nick@zeta.org.au>
To: linux-security@redhat.com
Date: Fri, 13 Mar 1998 18:12:31 +1100 (EST)
In-Reply-To: <01IUKSJ70HB6000EGL@alpham.uni-mb.si> from "DAVID BALAZIC" at Mar 12, 98 11:27:26 am
Resent-From: linux-security@redhat.com
Reply-To: linux-security@redhat.com
Forwarding a message from DAVID BALAZIC:
> (nick@zeta.org.au writes)
> >A private namespace protects this script and its subprocesses by making the
> >files _totally_ inaccessible to unrelated processes. The private namespace
> >can be imposed from above or the script can define its own.
>
> How about creating a subdir in /tmp with 600 mode and
> creating tmp files there ?
Like, say:
#!/bin/bash
mkdir /tmp/mydir
awk ' { print $1 } ' < infile > /tmp/mydir/file.$$
?
First you have to be sure that /tmp/mydir has not been replaced with a
symlink. You'd have to check the mode on /tmp, make sure it is 1777,
create the directory, make sure the directory you thought you created
is really there, and then you could do open within the directory.
There are more issues when setuid processes come into the picture. Do
you want a setuid process working in _your_ private directory?
[mod: I certainly would: I'd still be able to hack them... :-) -- REW]
Nick.
--
Zeta Internet SP4 Fax: +61-2-9233-6545 Voice: 9231-9400
G.P.O. Box 3400, Sydney NSW 1043 http://www.zeta.org.au/
--
----------------------------------------------------------------------
Please refer to the information about this list as well as general
information about Linux security at http://www.aoy.com/Linux/Security.
----------------------------------------------------------------------
To unsubscribe: mail -s unsubscribe test-list-request@redhat.com < /dev/null