[18101] in bugtraq
Re: Is /tmp still appropriate? (was Re: [hacksware]Pine temporary
daemon@ATHENA.MIT.EDU (Mark Delany)
Fri Dec 15 16:57:26 2000
Message-Id: <20001214225127.625.qmail@geex.bushwire.net>
Date: Thu, 14 Dec 2000 22:51:27 +0000
Reply-To: Mark Delany <MarkD@BUSHWIRE.NET>
From: Mark Delany <MarkD@BUSHWIRE.NET>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <3a382fd1.53267@prima-lan.net>; from achurch@ACHURCH.ORG on Thu,
Dec 14, 2000 at 11:04:06AM +0900
On Thu, Dec 14, 2000 at 11:04:06AM +0900, Andrew Church wrote:
> >I do not really think the problem is this. /tmp is there for a reason,
> >and I don't really find any fault in vendors/developers for using it
> >accordingly.
>
> This has always been my initial reaction to complaints about /tmp
> vulnerabilities. But it occurred to me: Is /tmp, perhaps, no longer
> appropriate to keep around in today's Internet?
>
> The world-writable /tmp we all know and {love,hate} was created way
> back before the Internet was anything like it is today (I assume--I wasn't

I'm not so sure that the Internet is the cause of anti-social users
sharing Unix systems.. Be that as it may, one of the biggest issues
with using /tmp is it creates a security issue for a whole class of
programs and programmers that generally don't have to worry about
security. Programmers who write general purpose shells and editors and
sorts shouldn't have to worry about security issues.

I'm sure many people have been "guilty" of writing a quick and nasty
shell script that ends in something like: >/tmp/out.$$

> I haven't decided what my own opinion is on this yet, and I can see
> solutions that allow a shared /tmp with unsafe programs (such as
> disallowing creation of links or special files, or the "hlfsd" another
> poster mentioned), but at any rate I think it's an issue that merits some
> thought.

As you say, /tmp is pretty entrenched in a lot of code and it does
have some convenience and resource management benefits. A restricted
file system is probably the only realistic solution as that protects
all those future programmers who make the same mistake (and all us
lazy shell hackers).

Regards.
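
The `>/tmp/out.$$` habit mentioned in the message, next to two safer ways to write the same file, as an added example that is not part of the original post. The function names are hypothetical, and everything runs in a private directory standing in for a shared /tmp.

```shell
#!/bin/sh
# Added example; function names and the sandbox layout are hypothetical.

# The habit from the message: predictable name, plain redirection.
# ">" follows whatever already sits at that path, including a link.
write_predictable() {            # $1 = directory, $2 = data
    printf '%s\n' "$2" > "$1/out.$$"
}

# mktemp picks an unpredictable name and creates the file exclusively
# (it fails rather than reuse an existing path), readable by owner only.
write_mktemp() {
    f=$(mktemp "$1/out.XXXXXXXXXX") || return 1
    printf '%s\n' "$2" > "$f"
    printf '%s\n' "$f"           # caller needs the generated name
}

# Without mktemp: noclobber (set -C) makes ">" fail instead of
# overwriting a file that already exists at the path.
write_noclobber() {
    ( set -C; printf '%s\n' "$2" > "$1/out.$$" ) 2>/dev/null
}

# Run one writer in a private directory (standing in for shared /tmp)
# where out.$$ already exists as a link to another file, then print
# that other file's content so the effect is visible.
victim_after() {
    writer=$1
    sandbox=$(mktemp -d) || return 1
    printf 'original\n' > "$sandbox/victim.txt"      # constructed sample
    ln -s "$sandbox/victim.txt" "$sandbox/out.$$"
    "$writer" "$sandbox" 'script output' >/dev/null 2>&1 || true
    cat "$sandbox/victim.txt"
    rm -rf "$sandbox"
}

for w in write_predictable write_mktemp write_noclobber; do
    printf '%-18s other file now holds: %s\n' "$w" "$(victim_after "$w")"
done
```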