Bugtraq mailing list archives
Re: Tired of /tmp? Here's a proposed solution
From: wam () FEDEX COM (William McVey)
Date: Tue, 27 Aug 1996 17:55:48 -0500
Guido M. Witmond wrote:
What about removing the CONCEPT of public writable filesystems like /tmp.
I still like the idea of having a /tmp since it is an area which can be routinely cleaned and users have no expectation that files would last in the hierarchy from day to day. Keeping reasonable quotas and an accessible /tmp allow people to do large disk space intensive stuff (like compile programs), but not permanently consume the space.

A friend of mine and I have discussed how setting modes on /tmp in a slightly unconventional manner can increase the security of the system. If instead of having the modes on /tmp allow everyone on the system to write into it (1777), how about creating a new group called 'notmp' and setting the modes on /tmp to be 1707 owned by root and grouped to the 'notmp' group. You'd then put standard system daemon ids like 'www', 'nobody', 'daemon', 'ftp', etc. in that group and this would prevent them from scribbling onto the filesystem. On servers (i.e. on systems without informed users) this protection mechanism would give us the ability to have loginids which could run programs but which would have NO write access to the filesystem. You could even go so far as to set particular executables setgid to the 'notmp' group, and prevent regular users who are running that app from accessing /tmp.

I think using membership in a group as the basis for removing privilege is an especially good idea that often gets overlooked when people think about permissions.

-- William McVey
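Mode 1707 denies members of 'notmp' even though "other" has full access because the Unix mode-bit check consults exactly one class (owner, then group, then other) and never falls through. The following is an added example, not part of the original post, that models that check; the uid/gid numbers and the account 'alice' are constructed, and ACLs or other access-control layers are not modelled.

```python
# Model of the classic Unix mode-bit check applied to the /tmp layout in the post.
# Only 'notmp', 'www' and mode 1707 come from the post; ids and 'alice' are constructed.
ROOT_UID = 0
NOTMP_GID = 900   # hypothetical gid for the 'notmp' group
USERS_GID = 100   # hypothetical gid for ordinary users
WWW_UID, ALICE_UID = 33, 1000   # hypothetical uids

def permission_class(dir_uid, dir_gid, euid, egid, supplementary=()):
    """Pick the single triplet the kernel consults: first match wins, no fall-through."""
    if euid == dir_uid:
        return "owner"
    if egid == dir_gid or dir_gid in supplementary:
        return "group"
    return "other"

def can_create_in(mode, dir_uid, dir_gid, euid, egid, supplementary=()):
    """True if the process may create files in the directory (write + search bits)."""
    if euid == ROOT_UID:
        return True   # root bypasses mode bits, so this scheme does not confine root
    cls = permission_class(dir_uid, dir_gid, euid, egid, supplementary)
    shift = {"owner": 6, "group": 3, "other": 0}[cls]
    return (mode >> shift) & 0o3 == 0o3

def survey(mode):
    """Evaluate the same four processes against /tmp owned by root:notmp."""
    tmp = (mode, ROOT_UID, NOTMP_GID)
    return {
        "www (primary group notmp)": can_create_in(*tmp, WWW_UID, NOTMP_GID),
        "www (notmp as supplementary group)": can_create_in(*tmp, WWW_UID, 33, (NOTMP_GID,)),
        "alice (ordinary user)": can_create_in(*tmp, ALICE_UID, USERS_GID),
        "alice via setgid-notmp binary": can_create_in(*tmp, ALICE_UID, NOTMP_GID, (USERS_GID,)),
    }

if __name__ == "__main__":
    for mode in (0o1777, 0o1707):
        print(oct(mode))
        for who, ok in survey(mode).items():
            print(f"  {who:38} {'write' if ok else 'DENIED'}")
```

The model also shows the limit of the scheme: a daemon still running as root is unaffected, so the restriction only bites once the process has dropped to an unprivileged id that carries the 'notmp' group.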