Bugtraq mailing list archives
Re: mktemp() and friends
From: djb () koobera math uic edu (D. J. Bernstein)
Date: Tue, 24 Dec 1996 22:52:49 -0000
I have a very simple suggestion: eliminate world writability. No more /var/spool/mail and no more /tmp. Right now, system security is in the hands of thousands of programs. That's silly. The only programs that should have to worry about security are programs that handle untrusted data---i.e., communications programs.
> /tmp has the advantage that it may be cleaned up after a reboot.

What does ``reboot'' mean? Sounds like a Windows feature.

Under UNIX, people want to clean up temporary files in multiuser mode. How would you suggest doing this?

Everyone knows that if root runs

    find /tmp ... -print | xargs rm

then any user can delete any file on the system. Years ago I proposed find -print0 and xargs -0, naively assuming that reliable => secure. Unfortunately, if root runs

    find /tmp ... -print0 | xargs -0 rm

any user can _still_ delete any file on the system. You might give up on xargs and run

    find /tmp ... -exec rm '{}' ';'

but that _still_ lets any user delete any file on the system.

With per-user tmp directories, the problem disappears: setuid to joe and remove old files in ~joe/tmp.

> Finally, what if you're using an NFS-mounted ~

Each user should have a separate storage area on each host. Otherwise:

    setenv TMPDIR ~/tmp/`hostname`; mkdir $TMPDIR

---Dan

Put an end to unauthorized mail relaying. http://pobox.com/~djb/qmail.html
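
The per-user cleanup proposed in the message above ("setuid to joe and remove old files in ~joe/tmp"), as an added example that is not part of the original post: a C routine meant to run after switching to the owning user. It refuses a directory that is a symlink, is not owned by the caller, or is writable by others, and it removes only old regular files, addressed relative to the open directory. The name `clean_user_tmp` and its parameters are hypothetical.

```c
/* Added example (not from the original post). Non-recursive cleanup of a
   per-user tmp directory; clean_user_tmp and its parameters are hypothetical.
   Assumes the caller has already switched to the owning user. */
#define _POSIX_C_SOURCE 200809L
#include <dirent.h>
#include <fcntl.h>
#include <sys/stat.h>
#include <time.h>
#include <unistd.h>

/* Returns the number of files removed, or -1 if the directory is refused. */
int clean_user_tmp(const char *dir, time_t max_age)
{
    /* O_NOFOLLOW: refuse a directory path whose last component is a symlink. */
    int dfd = open(dir, O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
    if (dfd < 0)
        return -1;

    struct stat ds;
    /* Clean only a directory we own and that nobody else can write to. */
    if (fstat(dfd, &ds) != 0 || ds.st_uid != geteuid() ||
        (ds.st_mode & (S_IWGRP | S_IWOTH))) {
        close(dfd);
        return -1;
    }

    DIR *d = fdopendir(dfd);            /* the stream now owns dfd */
    if (d == NULL) {
        close(dfd);
        return -1;
    }

    time_t cutoff = time(NULL) - max_age;
    int removed = 0;
    struct dirent *e;
    while ((e = readdir(d)) != NULL) {
        struct stat st;
        /* Look the name up relative to the open directory, not by path,
           and never follow a symlink. */
        if (fstatat(dfd, e->d_name, &st, AT_SYMLINK_NOFOLLOW) != 0)
            continue;
        if (!S_ISREG(st.st_mode) || st.st_mtime >= cutoff)
            continue;                   /* skip dirs, symlinks, recent files */
        if (unlinkat(dfd, e->d_name, 0) == 0)
            removed++;
    }
    closedir(d);
    return removed;
}
```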