Bugtraq mailing list archives
Re: user flags in public temp space (was Re: chflags() [heads up])
From: avalon () COOMBS ANU EDU AU (Darren Reed)
Date: Fri, 6 Aug 1999 14:17:22 +1000
In some mail from Theo de Raadt, sie said: [...]
a) Root should not use /tmp. Root is root and, as the proverbial 800-pound gorilla, can make temporary files wherever it pleases. FreeBSD, for example, seems to be doing a lot in /var/run, which is root-owned, and not world-writable. At least root should use subdirectories of /tmp and test to see if it can mkdir(1) them before use (see OpenBSD2.5's /etc/security, for example).As much as possible, we've now killed almost all of the /tmp races in the system, so root is as safe as any other user. Even gcc now plays things safe, it appears. But /tmp problems keep occuring in packages which people add to the system.
If you're designing a software package, want to use temporary files and directories but you need the names to be the same every time, where do you put them ? Are you required to use open(O_CREAT|O_EXCL) for files in /tmp ? Apart from the ability to exchange files between users with /tmp, having private /tmp's for each uid using the system (with a non- world writeable /tmp) has a lot of merit which I hope someone will someday properly explore - i.e. there exist programming languages in which the buffer overflow is a non-event, now we need an operating system design where the /tmp file race-condition is a non-event. Darren
Current thread:
- user flags in public temp space (was Re: chflags() [heads up]) Strange (Aug 04)
- Re: user flags in public temp space (was Re: chflags() [heads up]) Brett Lymn (Aug 05)
- Re: user flags in public temp space (was Re: chflags() [heads up]) Jason Bratton (Aug 05)
- Re: user flags in public temp space (was Re: chflags() [heads up]) Theo de Raadt (Aug 05)
- Re: user flags in public temp space (was Re: chflags() [heads up]) Andrew Brown (Aug 05)
- Re: user flags in public temp space (was Re: chflags() [heads up]) Darren Reed (Aug 05)
- Re: user flags in public temp space (was Re: chflags() [heads up]) Theo de Raadt (Aug 06)
- Re: user flags in public temp space (was Re: chflags() [heads up]) Darren Reed (Aug 06)
- Re: user flags in public temp space (was Re: chflags() [heads up]) Tim Fletcher (Aug 06)
- Re: user flags in public temp space (was Re: chflags() [heads up]) Darren Reed (Aug 07)
- Re: user flags in public temp space (was Re: chflags() [heads up]) Doug Harple (Aug 09)
- Re: user flags in public temp space (was Re: chflags() [heads up]) Brett Lymn (Aug 05)
- Re: user flags in public temp space (was Re: chflags() [heads up Adam Morris (Aug 09)
- Re: user flags in public temp space (was Re: chflags() [heads up James E. Pace (Aug 10)
- New cfingerd 1.4.0 - Configurable Finger Daemon Martin Schulze (Aug 10)
- profil(2) bug, a simple test program Ross Harvey (Aug 09)
- ISS Security Advisory: Denial of Service Attack Against Windows NT Terminal Server X-Force (Aug 09)