[20352] in bugtraq


Linux patches to solve /tmp race problem

daemon@ATHENA.MIT.EDU (Donaldson, Matthew)
Sat Apr 21 02:08:06 2001

MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-ID:  <15072.12895.627024.191687@localhost.localdomain>
Date:         Fri, 20 Apr 2001 22:28:07 +0930
Reply-To: matthew@DATADELIVERANCE.COM
From: "Donaldson, Matthew" <matthew@DATADELIVERANCE.COM>
To: BUGTRAQ@SECURITYFOCUS.COM

Hi all,

I have recently developed some patches to the Linux 2.2 kernels which solve
the /tmp race problem without needing to define environment variables -
useful particularly for naive applications and scripts which don't use
TMPDIR and friends.

The patch creates "dynamic" symlinks, which point to different paths
depending on the user accessing them (for example, including the UID in the
path name).  Such a link can be placed instead of /tmp and/or /var/tmp, and
any other similar directories.  More usefully, these links can be configured
to automatically create the directory they refer to if it does not exist.

This means you can create a directory such as /tmp_files, for example, and
have the /tmp link automatically create user directories in it on demand.
Default permissions and ownership can be specified.

The patches are available from http://www.datadeliverance.com in the Linux
Patches section, along with a full discussion of the issues involved.  Your
comments on the scheme are invited.

Cheers

		-Matthew

--
+--------------------------------------------------------------------------+
| Matthew Donaldson             http://www.datadeliverance.com             |
| Data Deliverance Pty. Ltd.    Email: matthew@datadeliverance.com         |
| 30 Musgrave Ave.              Phone: +61 8 8265 7976            _        |
| Banksia Park                  Fax:   +61 8 8265 0032     John  / \/      |
| South Australia 5091                                     3:16  \_/\      |
+--------------------------------------------------------------------------+
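
A user-space sketch of the per-user directory idea described in the message above, added here as an example; it is not the author's kernel patch. The function name `user_tmpdir` and the `/tmp/tmp_files_XXXXXX` base directory are assumptions made for illustration.

```c
/* Added example: per-UID temp directory created on demand, in user space.
 * user_tmpdir() and the base path are hypothetical; this is not the patch. */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Resolve <base>/<euid>, creating it with mode 0700 if absent.
 * Returns 0 and fills `out` on success, -1 if the path cannot be trusted. */
int user_tmpdir(const char *base, char *out, size_t outlen)
{
    struct stat st;
    uid_t uid = geteuid();
    int n = snprintf(out, outlen, "%s/%lu", base, (unsigned long)uid);

    if (n < 0 || (size_t)n >= outlen)
        return -1;                        /* path truncated */
    /* mkdir() does not follow a symlink in the final component: a
     * pre-planted link yields EEXIST and is caught by lstat() below. */
    if (mkdir(out, 0700) != 0 && errno != EEXIST)
        return -1;
    if (lstat(out, &st) != 0)
        return -1;
    if (!S_ISDIR(st.st_mode))             /* symlink or file planted by someone else */
        return -1;
    if (st.st_uid != uid)                 /* directory owned by another user */
        return -1;
    if (st.st_mode & (S_IRWXG | S_IRWXO)) /* accessible to group or others */
        return -1;
    return 0;
}

int main(void)
{
    char base[] = "/tmp/tmp_files_XXXXXX"; /* constructed stand-in for /tmp_files */
    char path[4096];

    if (mkdtemp(base) == NULL)
        return 1;
    if (user_tmpdir(base, path, sizeof path) != 0) {
        fprintf(stderr, "refusing to use %s\n", path);
        return 1;
    }
    printf("private temp dir: %s\n", path);
    return 0;
}
```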
