[1717] in linux-security and linux-alert archive

home help back first fref pref prev next nref lref last post

[linux-security] Re: Re: Re: Re: Re: Towards a solution of tmp-file

daemon@ATHENA.MIT.EDU (Andrew Morgan)
Fri Mar 13 07:26:47 1998

Date: Thu, 12 Mar 1998 23:25:22 -0800
From: Andrew Morgan <morgan@transmeta.com>
To: linux-security@redhat.com
In-Reply-To: <01IUKSJ70HB6000EGL@alpham.uni-mb.si>
Reply-To: Andrew Morgan <morgan@transmeta.com>
Resent-From: linux-security@redhat.com


DAVID BALAZIC writes:
> How about creating a subdir in /tmp with 600 mode and
> creating tmp files there ?

This is actually a good idea.  As you are able to verify mkdir fails
if it tries to create a directory over a symbolic link.  so a mkdir -m
700 is actually a hard thing to foil.

Incidentally, here at Transmeta, I've written a small utility called
'tmpdir' that creates a directory exports its name to the variable
$TMPDIR and then exec's the command that you supply as an argument.

Example:

  tmpdir /var/tmp sh -c "cd \$TMPDIR; touch this; pwd; ls"

The intent of this binary 'wrapper' is to make a temporary workspace
available to an arbitrary program.  I guess it might be useful in a
security minded context too.

The program is a little more sophisticated than the above.  It
actually hangs around until the command has completed and then rm
-rf's the $TMPDIR.

If there is any interest, I can see if Transmeta will permit me to
release the code.  [I could certainly see a case for doing this if the
commercial Linux distributions would volunteer to ship it as a
"standard" utility...]

Cheers

Andrew

-- 
----------------------------------------------------------------------
Please refer to the information about this list as well as general
information about Linux security at http://www.aoy.com/Linux/Security.
----------------------------------------------------------------------

To unsubscribe: mail -s unsubscribe test-list-request@redhat.com < /dev/null


home help back first fref pref prev next nref lref last post