Bugtraq mailing list archives
Re: where user temp files should go, env var names
From: Peter W <peterw () USA NET>
Date: Tue, 12 Dec 2000 19:32:03 -0500
At 5:00pm Dec 11, 2000, Thomas Corriher wrote:
So many of these problems would just disappear if the system's default profile had something like "$TMPDIR=$HOME" or "$TMPDIR=$HOME/tmp". Pine is not really the problem. Poorly configured systems are the problem.
Yes, I quite agree. Vendors provide apps that default to /tmp in the absense of $TMP, so they *should* make an effort at safe $TMP dirs. * Environment Variable Names & Conventions * First, we've observed that some applications respect $TMP while others expect $TMPDIR. I would like to suggest that *only* these two variable names should be used to indicate preferred locations for temporary files. Please, please do not expect any other similar environment variable names. It is NOT reasonable to expect users and system admins to accomodate a whole mess of environment variable names. The value of the environment variables should be the name of the preferred temp directory, without any trailing slash, e.g. TMP="/home/foo/tmp" where /home/foo/tmp is a safe dir. In my opinion, it is reasonable for an application to expect TMP or TMPDIR to point to safe space. An application that looks for another env var should be corrected. Does your app look for $TEMP? Either change that, or at least make it *also* check for TMP or TMPDIR. * Not Just For Filesystem Security * Some admins, especially those on syetms that use tmpfs for /tmp, prefer that users *not* create (large) temporary files in /tmp, to avoid depletion of swap space. So, while your application may be very careful about safely using temporary space, admins will appreciate it if your app also respects TMP and/or TMPDIR so they can direct resource usage better.
This type of problem appears again, and again, and again; yet these problems could be fixed with a one-liner.
* Privacy * Well, a bit more than a one-liner, as my script has shown; with many default umasks of 002 or 022, you want a directory with more protection against snooping. And root's home dir is often "/" which makes ${HOME}/tmp problematic. ;-) Plus it's nice if the app can assume $TMPDIR's existence.
I am not even an expert on security matters, but I do know enough about the basics to realize that many default configurations are incredibly stupid.
* Reasons Why Vendors Don't Use $HOME To Hold $TMP / $TMPDIR * One of the problems with TMP and TMPDIR is that of filesystem purging. Many Unix systems clear /tmp on each reboot. Many Linux systems use apps like Red Hat's 'tmpwatch' to purge shared areas like /tmp of unused files. I suppose that could be addressed by putting an invocation of 'tmpwatch' in the profile scripts in /etc/skel so users could disable the cleaning of ${HOME}/tmp if they'd like (or in /etc/profile.d if you want to enforce the pruning). Another problem with TMP/TMPDIR in home directory space is that some apps may need to write big files that are better suited to space like /tmp which is 1) not backed up and 2) often on fast tmpfs space. Admins concerned about these issues can make safe temp dirs inside /tmp, with the caveat that doing so can enable users to monitor the login habits of others unless more sophisticated coding is done (e.g., reusing temp dirs). * More Free Code * I've put together another quick script, for making dirs inside /tmp, which you can get from my Web space at http://www.tux.org/~peterw/linux/ bastille-tmpdir.sh.txt - older: makes persistent dir in $HOME bastille-tmpdir-tmp.sh.txt - new!: makes new dirs inside /tmp Both are designed to be installed in /etc/profile.d (without the .txt extension, and set executabe) to protect Bourne shell users on typical Linux systems. -Peter
Current thread:
- [hacksware]Pine temporary file hijacking vulnerability JW Oh (Dec 12)
- Re: [hacksware]Pine temporary file hijacking vulnerability Thomas Corriher (Dec 13)
- Re: where user temp files should go, env var names Peter W (Dec 14)
- Re: where user temp files should go, env var names Andrzej Chabierski (Dec 16)
- Re: where user temp files should go, env var names Valdis Kletnieks (Dec 18)
- Re: where user temp files should go, env var names Aaron Drew (Dec 18)
- Re: where user temp files should go, env var names Mike A. Harris (Dec 19)
- Re: where user temp files should go, env var names Nick Phillips (Dec 21)
- Re: where user temp files should go, env var names Peter J . Holzer (Dec 21)
- Re: where user temp files should go, env var names Doug Wyatt (Dec 21)
- Message not available
- Re: where user temp files should go, env var names Jay R. Ashworth (Dec 21)
- Re: where user temp files should go, env var names Peter W (Dec 14)
- Re: [hacksware]Pine temporary file hijacking vulnerability Thomas Corriher (Dec 13)