[20423] in bugtraq
Re: Linux patches to solve /tmp race problem
daemon@ATHENA.MIT.EDU (Tollef Fog Heen)
Wed Apr 25 01:22:18 2001
Mail-Copies-To: never
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Message-ID: <87u23esohm.fsf@arabella.intern.opera.no>
Date: Tue, 24 Apr 2001 10:15:01 +0200
Reply-To: Tollef Fog Heen <tollef@ADD.NO>
From: Tollef Fog Heen <tollef@ADD.NO>
X-To: matthew@DATADELIVERANCE.COM
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <15076.11581.958469.19090@localhost.localdomain>
* "Donaldson, Matthew"
| If it were just replacing login, I would agree with you. But not everything
| coming into a Unix system comes via login. There are a number of daemons,
| X-window systems and so forth that do their own thing. On top of the
| existing ones, someone might decide to compile some ssh version or some other
| daemon, and put that up. Anything that creates a process on a Unix system
| and runs things is a potential entry point. It need not be even be related
| to loggin in. Cron, for example, runs processes as different users, but
| doesn't run login.
PAM handles this quite nicely.
I've hacked together a PAM module which sets TMPDIR (and TMP) to
/tmp/user/uid, which I could probably make available (mail me if you
are interested). Fixing programs to use TMP and TMPDIR is the correct
solution.
--
Tollef Fog Heen
Unix _IS_ user friendly... It's just selective about who its friends are.
