Bugtraq mailing list archives
Re: Is /tmp still appropriate?
From: Peter W <peterw () USA NET>
Date: Mon, 18 Dec 2000 23:16:39 -0500
At 4:30am Dec 17, 2000, DeRobertis wrote:
> I'm not sure how easy it'd be to implement (3), but how about:
>
> 1) /stmp/<<username>> as a temp directory for that user. rwx for the user only, of course.

This is not practical in networked environments where there may be many thousands of possible users and hundreds of possible workstations. And you don't want temp dirs on fileservers, as I have been reminded. I think it's better to (safely) create directories as needed on local disks, and prune the directories at reboots or periodically with utilities like 'tmpwatch'.

> 2) utilities should respect TEMP_DIR,

Nooooo! There are two commonly used environment variables in the open systems universe: TMPDIR (more common) and TMP (less common). Please don't start suggesting others!

> which would be set in /etc/profile to /stmp/<<username>>

Re: /etc/profile, please see my earlier posts for information on setting secure TMP directories. Go to the Tux.org site and you can get Bourne shell scripts suitable for calling from /etc/profile (many Linux distributions have /etc/profile scan /etc/profile.d for .sh scripts that are executable: my TMP/TMPDIR scripts are designed to be dropped in place on such systems for easy, modular protection).

http://www.securityfocus.com/archive/1/150695

In the next few days, I hope to make available on Tux.org a new version of the bastille-tmpdir-tmp.sh script which will also
 - let the admin easily specify a directory other than /tmp to make the per-user TMP directories in
 - keep track of the TMP directory name via a state file in $HOME so that
   - users can have different TMP dirs on different hosts (e.g., networks where $HOME is on an NFS server but /tmp is local to the workstation the user logs in at)
   - subsequent logins by the same user on the same host will use the same TMP dir if it still exists and appears safe[0]
   - consecutive logins by the same user on the same host will use the same TMP dir
 - make two levels of directories and set the lower as TMP, e.g.
     TMP="/tmp/tmp-${USER}-${RANDOM_NUMBER}/files"
   so that unprivileged users cannot guess how crowded a directory is, or when it was last used, simply by looking at the /tmp/tmp-${USER}-${RANDOM_NUMBER} dir

I'd like to thank Dick, David, Thomas, and others who have sent comments, criticisms, and suggestions.

-Peter

[0] this is the tricky part of the new changes; not just testing for /tmp/tmp-user-876da6c/files, but ensuring that both /tmp/tmp-user-876da6c and /tmp/tmp-user-876da6c/files are still safe
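
The two-level layout and the footnote [0] reuse check described in the message above, sketched as an added example; this is not the bastille-tmpdir-tmp.sh script, and the function names, the retry count and the definition of "safe" used here (real directory, not a symlink, owned by the caller, mode drwx------) are assumptions.

```shell
#!/bin/sh
# Added example, not bastille-tmpdir-tmp.sh. Function names are hypothetical.

# dir_is_safe DIR: true only if DIR is a real directory (not a symlink),
# owned by the current user, with mode drwx------.
dir_is_safe() {
    [ ! -L "$1" ] && [ -d "$1" ] && [ -O "$1" ] || return 1
    case "$(ls -ld -- "$1")" in
        drwx------*) return 0 ;;
        *) return 1 ;;
    esac
}

# make_private_tmp BASE: create BASE/tmp-USER-RANDOM/files and print the
# lower directory. The body runs in a subshell so umask 077 stays local.
make_private_tmp() (
    umask 077
    user=$(id -un)
    tries=0
    while [ "$tries" -lt 10 ]; do
        rnd=$(od -An -N4 -tx1 /dev/urandom | tr -d ' \n')
        top="$1/tmp-$user-$rnd"
        # Plain mkdir (no -p) fails if the name already exists, symlinks
        # included, so a directory planted by someone else is never adopted.
        if mkdir "$top" 2>/dev/null && mkdir "$top/files"; then
            printf '%s\n' "$top/files"
            return 0
        fi
        tries=$((tries + 1))
    done
    return 1
)

# get_tmp BASE STATEFILE: reuse the recorded directory only if BOTH levels
# still pass dir_is_safe; otherwise create a fresh one and record it.
get_tmp() {
    if [ -f "$2" ] && [ ! -L "$2" ]; then
        IFS= read -r saved < "$2" || saved=
        case "$saved" in
            "$1"/tmp-*/files)
                if dir_is_safe "${saved%/files}" && dir_is_safe "$saved"; then
                    printf '%s\n' "$saved"
                    return 0
                fi ;;
        esac
    fi
    new=$(make_private_tmp "$1") || return 1
    printf '%s\n' "$new" > "$2"
    printf '%s\n' "$new"
}
```

A profile script could call it as `TMPDIR=$(get_tmp /tmp "$HOME/.tmpdir-$(hostname)") && export TMPDIR`, where the per-host state file name is an assumed convention. The ownership and mode checks only hold up between check and use when the base directory has the sticky bit set, as /tmp normally does, because then other users cannot rename or remove the directory.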