[20433] in bugtraq
Re: Linux patches to solve /tmp race problem
daemon@ATHENA.MIT.EDU (Kurt Seifried)
Wed Apr 25 12:12:13 2001
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Message-ID: <008601c0cd4d$87cb5700$3200030a@seifried.org>
Date: Wed, 25 Apr 2001 00:04:03 -0600
Reply-To: Kurt Seifried <bugtraq@SEIFRIED.ORG>
From: Kurt Seifried <bugtraq@SEIFRIED.ORG>
To: BUGTRAQ@SECURITYFOCUS.COM
> PAM handles this quite nicely.
>
> I've hacked together a PAM module which sets TMPDIR (and TMP) to
> /tmp/user/uid, which I could probably make available (mail me if you
> are interested). Fixing programs to use TMP and TMPDIR is the correct
> solution.
>
> --
>
> Tollef Fog Heen
No need for that when we have "pam_env". From the docs "This module allows the
(un)setting of environment variables. Supported is the use of previously set
environment variables as well as PAM_ITEMs such as PAM_RHOST."
/etc/security/pam_env.conf
Kurt Seifried, seifried@securityportal.com
Securityportal - your focal point for security on the 'net
