Bugtraq mailing list archives

Re: where user temp files should go, env var names

From: "Peter J . Holzer" <hjp () WSR AC AT>
Date: Thu, 21 Dec 2000 11:30:19 +0100

On 2000-12-19 00:55:34 -0500, Mike A. Harris wrote:

On Tue, 19 Dec 2000, Aaron Drew wrote:

I wouldn't envisage a kernel patch to give each tty or user its own
virtual /tmp being be THAT hard to do.


The kernel doesn't differentiate between directories in the
filesystem. For all the kernel cares /tmp is where user directories
are stored. The kernel doesn't ever know or treat differently any
names of dirs in the filesystem.


It shouldn't treat directories differently based on the *name*.

Some unixes have/had a "hidden directories" feature. If a flag is set
on a directory, any attempt to access the directory would instead
access one of its subdirectories, depending on some other factor.
DomainOS and some versions of Minix used this to keep different binaries
in the "same" place. So, for example, on DomainOS, you would have
/usr/bin/sysv/ps and /usr/bin/bsd/ps, and depending on whether you
were running it in SysV or BSD mode, you would get one or the other
executable when executing /usr/bin/ps. HP-UX inherited the feature from
Domain-OS, but I can't recall whether it was used for anything useful.
HP-UX 11 doesn't seem to have it anymore, anyway.

Similarly, instead of a "OS mode", the subdirectory could be based
on the user-id, so if /tmp has the "hidden-subdirs-are-userids"
bit set, an access to /tmp/mutt.12345.msg would in fact access
/tmp/1010/mutt.12345.msg, if my uid is 1010.

This definitely has nothing at all to do with the kernel whatsoever.
It is a userland programming issue.

The kernel does not impose policy decisions upon systems, that is what
a sysadmin is for. Fix the programmer.


"mechanism, not policy", right. However, the kernel can provide a
mechanism. Whether it is the right one (personally, I found those hidden
directories rather confusing) is debatable. Especially since there is
another mechanism in userland (the TMPDIR environment variable) which
has almost the same effect, if it is used.

        hp

-- 
   _  | Peter J. Holzer      | Any setuid root program that does an
|_|_) | Sysadmin WSR / LUGA  | exec() somewhere is just a less
| |   | hjp () wsr ac at        | user friendly version of su.
__/   | http://www.hjp.at/   |    -- Olaf Kirch on bugtraq 2000-08-07

Attachment: _bin
Description:

Current thread:

[hacksware]Pine temporary file hijacking vulnerability JW Oh (Dec 12)
- Re: [hacksware]Pine temporary file hijacking vulnerability Thomas Corriher (Dec 13)
  - Re: where user temp files should go, env var names Peter W (Dec 14)
    - Re: where user temp files should go, env var names Andrzej Chabierski (Dec 16)
    - Re: where user temp files should go, env var names Valdis Kletnieks (Dec 18)
    - Re: where user temp files should go, env var names Aaron Drew (Dec 18)
    - Re: where user temp files should go, env var names Mike A. Harris (Dec 19)
    - Re: where user temp files should go, env var names Nick Phillips (Dec 21)
    - Re: where user temp files should go, env var names Peter J . Holzer (Dec 21)
    - Re: where user temp files should go, env var names Doug Wyatt (Dec 21)
    - Message not available
    - Re: where user temp files should go, env var names Jay R. Ashworth (Dec 21)
  - Re: [hacksware]Pine temporary file hijacking vulnerability Ryan W. Maple (Dec 14)
- Re: [hacksware]Pine temporary file hijacking vulnerability Peter W (Dec 13)
  - Re: [hacksware]Pine temporary file hijacking vulnerability Christopher X. Candreva (Dec 14)