From owner-freebsd-current  Tue Jun 13  9:55:25 2000
Delivered-To: freebsd-current@freebsd.org
Received: from spirit.jaded.net (shortbus.jaded.net [216.94.132.8])
	by hub.freebsd.org (Postfix) with ESMTP id 21D2437BF8C
	for <freebsd-current@FreeBSD.ORG>; Tue, 13 Jun 2000 09:55:21 -0700 (PDT)
	(envelope-from dan@spirit.jaded.net)
Received: (from dan@localhost)
	by spirit.jaded.net (8.9.3/8.9.3) id MAA00980;
	Tue, 13 Jun 2000 12:55:11 -0400 (EDT)
	(envelope-from dan)
Date: Tue, 13 Jun 2000 12:55:11 -0400
From: Dan Moschuk <dan@FreeBSD.ORG>
To: "Daniel C. Sobral" <dcs@newsguy.com>
Cc: David Gilbert <dgilbert@velocet.ca>, freebsd-current@FreeBSD.ORG
Subject: Re: (thoughts on) the mktemp() patch.
Message-ID: <20000613125511.C834@spirit.jaded.net>
References: <14660.2642.194412.404753@trooper.velocet.net> <394537FE.9AD506CD@newsguy.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0i
In-Reply-To: <394537FE.9AD506CD@newsguy.com>; from dcs@newsguy.com on Tue, Jun 13, 2000 at 04:20:30AM +0900
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG


| > 
| > Maybe the soltion is to think out of the box.  Maybe temporary
| > filestore should be a more official OS service.  Race conditions would
| > be far less common if the OS itself was managing the namespace.
| > 
| > You might even expand the capability somewhat.  Provide process local,
| > uid local and global namespaces.  You'd even gain the ability to
| > specify the limits on temporary filestore.
| 
| We have an out of the box solution. But there are other software out
| there in the world that happens to use mktemp() and we have no control
| of. So we are trying to improve mktemp().

I've avoided this conversation, but what would everyone think of a tmpfs
type of solution with a security minded design?  I took a brief look at
phk's md driver, and it could be quite easily molded to do what I want to
do.  Things like a sysctl option to disallow symlinks in a tmpfs mounted
directory I'm sure would make a few people happy.  The downfall, for being
memory backed, is it's wiped on a reboot (some people, however, consider
this to be A Good Thing).

-- 
Dan Moschuk (TFreak!dan@freebsd.org)
"Don't get even -- get odd!"


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message