[18330] in bugtraq


Re: /tmp

daemon@ATHENA.MIT.EDU (Michal Zalewski)
Fri Dec 22 18:50:51 2000

MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-ID:  <Pine.LNX.4.30.0012221113400.25893-100000@dione.ids.pl>
Date:         Fri, 22 Dec 2000 11:26:13 +0100
Reply-To: Michal Zalewski <lcamtuf@DIONE.IDS.PL>
From: Michal Zalewski <lcamtuf@DIONE.IDS.PL>
X-To:         Dan Stromberg <strombrg@NIS.ACS.UCI.EDU>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  <20001221154406.K27452@seki.acs.uci.edu>

On Thu, 21 Dec 2000, Dan Stromberg wrote:

> 2) Provide a library function, perhaps mkytemp(), which calls a setuid
> root program that creates /tmp/secy/username/templateXXXXXX. /tmp/secy
> is only writable by root, and mkdir'd at system boot time. Pass back
> the filename and a file handle.  The setuid program should eliminate
> the DOS, but is slower (exec's hurt).  You could just use /sec or
> /stmp, but then temp scrubbers have to be modified slightly, slowing
> migration.

Please tell me why you are considering /tmp as the only solution.
Moving runtime temporary files that do not *have* to be shared from /tmp
to e.g. ~/tmp is a pretty good solution as well. Unfortunately, this won't
solve the numerous problems of programs that do not follow the mk*temp()
convention, creating e.g. pid-based temporary files ;) On the other hand,
most context pseudo-filesystem / redirection solutions (like making the
real location of /tmp entries different for every UID) might break e.g. X
server / client functionality etc.

The truth is obvious: /tmp isn't anything good, and there are no easy
workarounds for programs using it. We should modify these programs
instead, moving ALL unnecessary /tmp files (which are not used for
interprocess communication, like Xserver sockets) to ~/tmp or so. You
cannot feel safe without it, no matter how complicated a system is used
to guard /tmp.

It is not really difficult to grep all system sources against /tmp,
mkstemp, mktemp, tmpnam, tempnam, tmpfile and similar stuff...

--
_______________________________________________________
Michal Zalewski [lcamtuf@tpi.pl] [tp.internet/security]
[http://lcamtuf.na.export.pl] <=--=> bash$ :(){ :|:&};:
=--=> Did you know that clones never use mirrors? <=--=
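
The approach argued for in this message (runtime temporary files under ~/tmp, created with mkstemp() rather than a pid-based name), sketched as an added example that is not part of the original message. `home_mkstemp` is a hypothetical helper, and it assumes $HOME is writable only by the calling user.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper (not from the original message): create a temp file
 * under ~/tmp. Returns an open fd and fills `path`, or -1 with errno set.
 * Assumption: $HOME itself is writable only by the calling user. */
int home_mkstemp(const char *prefix, char *path, size_t len)
{
    const char *home = getenv("HOME");
    char dir[PATH_MAX];
    struct stat st;
    int n;

    if (home == NULL || home[0] != '/') { errno = ENOENT; return -1; }
    n = snprintf(dir, sizeof dir, "%s/tmp", home);
    if (n < 0 || (size_t)n >= sizeof dir) { errno = ENAMETOOLONG; return -1; }

    /* Create the directory privately; an existing one must pass the checks. */
    if (mkdir(dir, 0700) != 0 && errno != EEXIST) return -1;
    /* lstat, not stat: a symlink sitting at ~/tmp is rejected, not followed. */
    if (lstat(dir, &st) != 0) return -1;
    if (!S_ISDIR(st.st_mode) || st.st_uid != geteuid() ||
        (st.st_mode & (S_IWGRP | S_IWOTH)) != 0) { errno = EPERM; return -1; }

    n = snprintf(path, len, "%s/%sXXXXXX", dir, prefix);
    if (n < 0 || (size_t)n >= len) { errno = ENAMETOOLONG; return -1; }
    /* mkstemp picks a random suffix and opens with O_CREAT|O_EXCL, mode 0600,
     * unlike a pid-based name that can be predicted and created in advance. */
    return mkstemp(path);
}

int main(void)
{
    char path[PATH_MAX];
    int fd = home_mkstemp("demo", path, sizeof path);

    if (fd < 0) { perror("home_mkstemp"); return 1; }
    printf("created %s\n", path);
    close(fd);
    unlink(path);
    return 0;
}
```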
