[3288] in bugtraq
Tired of /tmp? Here's a proposed solution
daemon@ATHENA.MIT.EDU (Igor Chudov @ home)
Mon Aug 26 23:30:47 1996
Date: Mon, 26 Aug 1996 21:18:26 -0500
Reply-To: Igor Chudov <ichudov@algebra.com>
From: "Igor Chudov @ home" <ichudov@algebra.com>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@NETSPACE.ORG>
In-Reply-To: <Pine.LNX.3.95.960826192918.1836B-100000@litterbox.org> from
"Sean B. Hamor" at Aug 26, 96 07:35:05 pm
Are you tired of attacks based on files in /tmp?
Well, how about the following solution:
1. Introduce a convention that whenever a program wants a file name
for some temporary file, it should call a library function tmp_mknam
2. This function would accept the file prefix and be implemented in
the following way:
a) check if directory $TMP exists and belongs to the effective uid
b) if yes, return $TMP/<prefix><unique id> (maybe using tmpnam)
c) if no, create a file under /tmp/<prefix><unique id> (maybe
using tmpnam)
If program writers follow this convention and call tmp_mknam, users will
be able to insure their security from /tmp attacks by creating
directories with right permissions, for example under /tmp. For example,
I could protect myself by the following commands:
$ mkdir /tmp/ichudov
$ chmod 700 /tmp/ichudov
$ export TMP=/tmp/ichudov
This function can be made nit oa separate library of its own.
- Igor.
