Date: Fri, 22 Feb 2002 20:24:23 -0800
From: Kris Kennaway <kris@obsecurity.org>
To: Robert Herrold <bobber@intense.net>
Cc: Kris Kennaway <kris@obsecurity.org>, Milon Papezík <Milon.Papezik@oskarmobil.cz>, 'Matthew Dillon' <dillon@apollo.backplane.com>, "'freebsd-security@freebsd.org'" <freebsd-security@FreeBSD.ORG>
Subject: Re: RE: Third /tmp location ?
Message-ID: <20020222202422.A19056@xor.obsecurity.org>
In-Reply-To: <023101c1bc11$ddc49b40$6c01a8c0@mpcsecurity.com>; from bobber@intense.net on Fri, Feb 22, 2002 at 08:29:06PM -0600
References: <B57AF59C8ABFD411BBE000508BF300F303B70636@wh01ex01.oskarmobil.cz> <20020222181831.B17981@xor.obsecurity.org> <023101c1bc11$ddc49b40$6c01a8c0@mpcsecurity.com>
On Fri, Feb 22, 2002 at 08:29:06PM -0600, Robert Herrold wrote:
> This isn't really a security issue though, and should be taken to one
> of the code discussion lists if you want to take it further.
>
> Kris
>
> I disagree. This world writable tmp directory is vanilla with a fresh
> install. I don't think this is something to take lightly at all.

I was referring to the email I was immediately responding to,
regarding fixing /tmp usage in other applications in the tree.

Regarding the mkdir() in pkg_add, one should be careful in just
removing it, because the default /tmp and /var/tmp directories are
probably not large enough to be able to install huge packages like
e.g. tetex, because pkg_add unpacks the package in the temporary
directory before installing. We have a number of packages which are
over 100MB in size, compressed, and if you don't have a temporary
directory available with enough space, installation from sysinstall
will fail.

Kris