Bugtraq mailing list archives

Re: Is /tmp still appropriate? (was Re: [hacksware]Pine temporary file hijacking vulnerability)


From: "Mike A. Harris" <mharris () OPENSOURCEADVOCATE ORG>
Date: Mon, 18 Dec 2000 22:28:57 -0500

On Sun, 17 Dec 2000, DeRobertis wrote:

> As you say, /tmp is pretty entrenched in a lot of code and it does
> have some convenience and resource management benefits. A restricted
> file system is probably the only realistic solution as that protects
> all those future programmers who make the same mistake (and all us
> lazy shell hackers).
>
> I'm not sure how easy it'd be to implement (3), but how about:
>
>       1) /stmp/<<username>> as a temp directory for that user. rwx for
>          the user only, of course.
>
>       2) utilities should respect TEMP_DIR, which would be set in
>          /etc/profile to /stmp/<<username>>
>
>       3) For migration purposes, a virtual filesystem that maps
>          /tmp to /stmp/<<username>> After all utilities are migrated,
>          one would get rid of this (and /tmp) forever.
>
> Seems to me we'd have a lot less /tmp exploits ;-)

That makes the system MORE complex.  The more complex a system
needlessly gets, the more chance of security breach.

The proper solution is to fix any problems with /tmp, and to have
applications properly programmed to be secure.  As long as
programmers don't heed security when programming, security issues
will remain in software.  Working around the problem by hacking
up the system avoids the real problem.

Don't fix something that is not broken, fix the programmer.  The
above solution would only give the illusion to programmers that
by using /stmp/<username> that their tmp files would magically be
secure no matter what, which would be very false.

There are existing well defined methods for creating temporary
files, they just need to be used, that's all.  Making another
dir, would be like removing pointers from C because programmers
might make bugs due to stray pointers.

$0.02



----------------------------------------------------------------------
      Mike A. Harris  -  Linux advocate  -  Open source advocate
          This message is copyright 2000, all rights reserved.
  Views expressed are my own, not necessarily shared by my employer.
----------------------------------------------------------------------

#[Mike A. Harris bash tip #3 - how to disable core dumps]
# Put the following at the bottom of your ~/.bash_profile
ulimit -c 0

