Bugtraq mailing list archives
Re: Tired of /tmp? Here's a proposed solution
From: mjb () sophos com (Matthew J Brown)
Date: Wed, 28 Aug 1996 11:21:41 +0100
Guido M. Witmond writes:
> Well, this is a good quick hack. What about removing the CONCEPT of public writable filesystems like /tmp. One of the reasons for the /tmp filesystem is to provide users with some extra disk space that's for temporary use and does not limit users to their respective quotas. Nowadays with ever larger and cheaper disks it is acceptable to let every user create a ~/tmp directory as a private scrapyard. This prevents any /tmp attacks and the use of the quota-system gives enough flexibility to enlarge or reduce the area, even more than the fixed size of /tmp.

/tmp still has many advantages, though. Firstly, it's pretty much guaranteed to be a local filesystem, and not on an NFS partition. This gives better performance. On some systems it's a tmpfs partition, with the advantage of even better performance and automatic deletion on reboot. Secondly, it's an area that's automatically deleted every so often, so has a different 'feel' to it than a ~/tmp. Thirdly, it's often used to pass files to other users on the same system.

I think what is actually needed is to have a directory /tmp/<user> for each user on the system. This keeps advantages one and two: it's a local disk and automatically deleted. This directory should be owned by the user and mode 700.

Then a space ought to be set up for the temporary exchange of files between users, called something like /common. This should also be automatically deleted, but programs should not automatically create temp files here.

-Matt
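
An added example, not part of the original message: one way a program could create or validate the per-user /tmp/<user> directory proposed above (owned by the user, mode 700) before writing temp files into it. The function names and the `base` parameter are assumptions made for illustration.

```python
import os
import pwd
import stat
import tempfile


def private_tmpdir(base="/tmp", user=None):
    """Return base/<user>, created or validated as a directory we own with mode 700."""
    if user is None:
        user = pwd.getpwuid(os.geteuid()).pw_name
    if not user or "/" in user or user in (".", ".."):
        raise ValueError("unsafe user name: %r" % user)
    path = os.path.join(base, user)
    try:
        os.mkdir(path, 0o700)  # mkdir never follows a pre-planted symlink
    except FileExistsError:
        pass  # something is already there: validate it before trusting it
    try:
        # O_NOFOLLOW + O_DIRECTORY: refuse symlinks and non-directories.
        fd = os.open(path, os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW)
    except OSError as exc:
        raise PermissionError("%s is not a usable directory: %s" % (path, exc))
    try:
        st = os.fstat(fd)
        if st.st_uid != os.geteuid():
            raise PermissionError("%s is owned by uid %d" % (path, st.st_uid))
        if stat.S_IMODE(st.st_mode) != 0o700:
            os.fchmod(fd, 0o700)  # we own it, so tightening is safe
    finally:
        os.close(fd)
    return path


def scratch_file(base="/tmp", user=None):
    """Create a temp file inside the private directory; returns (fd, path)."""
    return tempfile.mkstemp(dir=private_tmpdir(base, user))


if __name__ == "__main__":
    # Constructed demo: use a throwaway base instead of the real /tmp.
    fd, name = scratch_file(base=tempfile.mkdtemp(), user="demo")
    os.close(fd)
    print(name)
```

The ownership and symlink checks matter because the parent /tmp stays world-writable, so another user can create the name first.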