[1717] in linux-security and linux-alert archive
[linux-security] Re: Re: Re: Re: Re: Towards a solution of tmp-file
daemon@ATHENA.MIT.EDU (Andrew Morgan)
Fri Mar 13 07:26:47 1998
Date: Thu, 12 Mar 1998 23:25:22 -0800
From: Andrew Morgan <morgan@transmeta.com>
To: linux-security@redhat.com
In-Reply-To: <01IUKSJ70HB6000EGL@alpham.uni-mb.si>
Reply-To: Andrew Morgan <morgan@transmeta.com>
Resent-From: linux-security@redhat.com
DAVID BALAZIC writes:
> How about creating a subdir in /tmp with 600 mode and
> creating tmp files there ?
This is actually a good idea. As you are able to verify mkdir fails
if it tries to create a directory over a symbolic link. so a mkdir -m
700 is actually a hard thing to foil.
Incidentally, here at Transmeta, I've written a small utility called
'tmpdir' that creates a directory exports its name to the variable
$TMPDIR and then exec's the command that you supply as an argument.
Example:
tmpdir /var/tmp sh -c "cd \$TMPDIR; touch this; pwd; ls"
The intent of this binary 'wrapper' is to make a temporary workspace
available to an arbitrary program. I guess it might be useful in a
security minded context too.
The program is a little more sophisticated than the above. It
actually hangs around until the command has completed and then rm
-rf's the $TMPDIR.
If there is any interest, I can see if Transmeta will permit me to
release the code. [I could certainly see a case for doing this if the
commercial Linux distributions would volunteer to ship it as a
"standard" utility...]
Cheers
Andrew
--
----------------------------------------------------------------------
Please refer to the information about this list as well as general
information about Linux security at http://www.aoy.com/Linux/Security.
----------------------------------------------------------------------
To unsubscribe: mail -s unsubscribe test-list-request@redhat.com < /dev/null