Bugtraq mailing list archives
Re: user flags in public temp space (was Re: chflags() [heads up])
From: avalon () COOMBS ANU EDU AU (Darren Reed)
Date: Fri, 6 Aug 1999 19:58:41 +1000
In some mail from Theo de Raadt, sie said:
Apart from the ability to exchange files between users with /tmp, having private /tmp's for each uid using the system (with a non- world writeable /tmp) has a lot of merit which I hope someone will someday properly explore - i.e. there exist programming languages in which the buffer overflow is a non-event, now we need an operating system design where the /tmp file race-condition is a non-event.Perhaps. But watch what you ask for, because there is software out there that by itself that swaps uid's while playing (safely) in /tmp. Any change like this can cause new problems to crop up...
I think I defeated myself in trying to explain the implementation I was trying to describe. For each user, when they login, a virtual /tmp is created and that is shared between all sessions that user has. This is setup at login time and is carried forth to all children, root or not, and cannot be reset (somewhat akin to chroot) unless devious methods are employed (i.e. write to /dev/mem). So if I have 10 logins to host foo, each login sees the same /tmp, even the root shells I generate via su/sudo in half. If I login as root, I don't have the same /tmp (I get a different one). cron/at jobs would be no different. So the `real' /tmp could even be 755 root.wheel. Whilst it all sounds nice, I think it'd be somewhat of a hack to actually implement, unless something like union mounts were used for mounting (say) /tmp/root back to /tmp. I'm sure this has been suggested before too. Darren
Current thread:
- user flags in public temp space (was Re: chflags() [heads up]) Strange (Aug 04)
- Re: user flags in public temp space (was Re: chflags() [heads up]) Brett Lymn (Aug 05)
- Re: user flags in public temp space (was Re: chflags() [heads up]) Jason Bratton (Aug 05)
- Re: user flags in public temp space (was Re: chflags() [heads up]) Theo de Raadt (Aug 05)
- Re: user flags in public temp space (was Re: chflags() [heads up]) Andrew Brown (Aug 05)
- Re: user flags in public temp space (was Re: chflags() [heads up]) Darren Reed (Aug 05)
- Re: user flags in public temp space (was Re: chflags() [heads up]) Theo de Raadt (Aug 06)
- Re: user flags in public temp space (was Re: chflags() [heads up]) Darren Reed (Aug 06)
- Re: user flags in public temp space (was Re: chflags() [heads up]) Tim Fletcher (Aug 06)
- Re: user flags in public temp space (was Re: chflags() [heads up]) Darren Reed (Aug 07)
- Re: user flags in public temp space (was Re: chflags() [heads up]) Doug Harple (Aug 09)
- Re: user flags in public temp space (was Re: chflags() [heads up]) Brett Lymn (Aug 05)
- Re: user flags in public temp space (was Re: chflags() [heads up Adam Morris (Aug 09)
- Re: user flags in public temp space (was Re: chflags() [heads up James E. Pace (Aug 10)
- New cfingerd 1.4.0 - Configurable Finger Daemon Martin Schulze (Aug 10)
- profil(2) bug, a simple test program Ross Harvey (Aug 09)
- ISS Security Advisory: Denial of Service Attack Against Windows NT Terminal Server X-Force (Aug 09)
- Uploaded cfingerd 1.3.2-18.1 for Debian (security fix) Leszek Gerwatowski (Aug 09)