From owner-freebsd-questions  Tue Oct 16  9:33:16 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from dire.bris.ac.uk (dire.bris.ac.uk [137.222.10.60])
	by hub.freebsd.org (Postfix) with ESMTP id 07E4537B407
	for <questions@freebsd.org>; Tue, 16 Oct 2001 09:33:12 -0700 (PDT)
Received: from mail.ilrt.bris.ac.uk by dire.bris.ac.uk with SMTP-PRIV 
          with ESMTP; Tue, 16 Oct 2001 17:27:11 +0100
Received: from cmjg (helo=localhost)	by mail.ilrt.bris.ac.uk 
          with local-esmtp (Exim 3.16 #1)	id 15tX0w-00049W-00;
          Tue, 16 Oct 2001 17:24:22 +0100
Date: Tue, 16 Oct 2001 17:24:22 +0100 (BST)
From: Jan Grant <Jan.Grant@bristol.ac.uk>
X-X-Sender:  <cmjg@mail.ilrt.bris.ac.uk>
To: ann kok <annkok2001@yahoo.com>
Cc: Mike Meyer <mwm@mired.org>, questions <questions@freebsd.org>
Subject: Re: tmp security
In-Reply-To: <20011016152941.21060.qmail@web20110.mail.yahoo.com>
Message-ID: <Pine.GSO.4.31.0110161723300.11492-100000@mail.ilrt.bris.ac.uk>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

On Tue, 16 Oct 2001, ann kok wrote:

> Dear Mike
>
> Many thanks for your reply
>
> For Q2, could you give me example?
>
> Tks a lots
>
>
>
> --- Mike Meyer <mwm@mired.org> wrote:
> > ann kok <annkok2001@yahoo.com> types:
> > > Hi all
> > > I have two questions about tmp directory
> > > 1/ is it automatically clear file after reboot
> >
> > Not by default. If you want it cleared, either 1)
> > add
> > "clear_tmp_enable=YES" to /etc/rc.conf, or 2) mount
> > it on a memory
> > file system.
> >
> > > 2/ how do I get information about tmp security?
> > > I read a book a command 'sort', suggest not to use
> > tmp
> > > as temp directory
> >
> > It's insecure to use predictable names for temporary
> > files if you put
> > them where other users can create symlinks. Use the
> > mktemp(3)
> > function(s) to generate names, and you can avoid
> > that problem.

I suggested a while ago that people mount /tmp with symlink following
turned off. I got quite a bit of feedback about it; nobody seems to have
found anything it breaks (except root hacks).



-- 
jan grant, ILRT, University of Bristol. http://www.ilrt.bris.ac.uk/
Tel +44(0)117 9287088 Fax +44 (0)117 9287112 RFC822 jan.grant@bris.ac.uk
Theoremhood is decidable.
It just takes time at least exponential in the length of the proof.


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message