[20429] in bugtraq
Re: Linux patches to solve /tmp race problem
daemon@ATHENA.MIT.EDU (Donaldson, Matthew)
Wed Apr 25 03:18:20 2001
Message-ID: <15077.22738.538531.577231@localhost.localdomain>
Date: Tue, 24 Apr 2001 20:13:30 +0930
Reply-To: matthew@DATADELIVERANCE.COM
From: "Donaldson, Matthew" <matthew@DATADELIVERANCE.COM>
X-To: Tollef Fog Heen <tollef@add.no>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <87u23esohm.fsf@arabella.intern.opera.no>
Tollef Fog Heen writes:
>* "Donaldson, Matthew"
>
>| If it were just replacing login, I would agree with you. But not everything
>| coming into a Unix system comes via login. There are a number of daemons,
>| X-window systems and so forth that do their own thing. On top of the
>| existing ones, someone might decide to compile some ssh version or some other
>| daemon, and put that up. Anything that creates a process on a Unix system
>| and runs things is a potential entry point. It need not even be related
>| to logging in. Cron, for example, runs processes as different users, but
>| doesn't run login.
>
>PAM handles this quite nicely.
>
>I've hacked together a PAM module which sets TMPDIR (and TMP) to
>/tmp/user/uid, which I could probably make available (mail me if you

Yes please - I'm interested in other viable solutions.

>are interested). Fixing programs to use TMP and TMPDIR is the correct
>solution.

Fixing programs is the _ideal_ solution, as is fixing software to eliminate
buffer overruns. However there is stack guarding software because not all
software is fixed, and not all vulnerabilities are known. Similar principle
applies here. We live in a non-ideal world.

You may argue that /tmp bugs are more obvious in the code than buffer
overruns, and they may be to some degree, but even so, someone's got to look
over the source code for everything that's out there. Most admins don't have
time to do that for every piece of software they're running, or can't
(e.g. because it's non open-source). Having something like this gives them
the security that even if someone is doing the Wrong Thing(tm), it does not
put them at risk.

Cheers
-Matthew
--
+--------------------------------------------------------------------------+
| Matthew Donaldson http://www.datadeliverance.com |
| Data Deliverance Pty. Ltd. Email: matthew@datadeliverance.com |
| 30 Musgrave Ave. Phone: +61 8 8265 7976 _ |
| Banksia Park Fax: +61 8 8265 0032 John / \/ |
| South Australia 5091 3:16 \_/\ |
+--------------------------------------------------------------------------+
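
The per-user TMPDIR setup mentioned in the quoted message, sketched in C as an added example; it is not Tollef Fog Heen's PAM module and not code from this thread. The function names are hypothetical, and it assumes the caller already runs as the target user and that the base directory is root-owned or has the sticky bit set.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper (not from the thread): build <base>/<uid>, create it if
 * missing, and accept it only if it is a real directory owned by uid with no
 * group/other access. Assumes the caller already runs as uid.
 * Returns 0 on success, -1 if the directory cannot be trusted. */
int private_tmpdir(const char *base, uid_t uid, char *out, size_t outlen)
{
    struct stat st;
    int n = snprintf(out, outlen, "%s/%lu", base, (unsigned long)uid);

    if (n < 0 || (size_t)n >= outlen)
        return -1;                      /* path truncated */
    /* mkdir() does not follow a symlink in the last component; EEXIST is
     * tolerated only because the existing entry is verified below. */
    if (mkdir(out, 0700) != 0 && errno != EEXIST)
        return -1;
    /* lstat(), not stat(): a planted symlink must be seen, not followed. */
    if (lstat(out, &st) != 0 || !S_ISDIR(st.st_mode))
        return -1;
    if (st.st_uid != uid || (st.st_mode & (S_IRWXG | S_IRWXO)))
        return -1;                      /* someone else's, or too open */
    return 0;
}

/* Export TMPDIR and TMP, the two variables named in the quoted message. */
int export_private_tmpdir(const char *base, uid_t uid)
{
    char path[4096];

    if (private_tmpdir(base, uid, path, sizeof path) != 0)
        return -1;
    return (setenv("TMPDIR", path, 1) == 0 && setenv("TMP", path, 1) == 0) ? 0 : -1;
}

int main(void)
{
    char base[] = "/tmp/ptmp-demo-XXXXXX";  /* constructed stand-in for /tmp/user */

    if (mkdtemp(base) == NULL || export_private_tmpdir(base, getuid()) != 0)
        return 1;
    printf("TMPDIR=%s\n", getenv("TMPDIR"));
    return 0;
}
```

As the reply argues, this only protects programs that honour TMPDIR or TMP; software that hard-codes /tmp is unaffected by it.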