Date: Fri, 11 Feb 2005 15:35:17 -0500
From: Tom Trelvik <ttt@cwru.edu>
To: freebsd-questions@freebsd.org
Subject: Re: /tmp on same partition as /
Message-ID: <420D1705.4060802@cwru.edu>
In-Reply-To: <8ca932905021112136ad00369@mail.gmail.com>
References: <8ca932905021112136ad00369@mail.gmail.com>

Chad Morland wrote:
> In your opinion is having /tmp on the same partition as / really THAT
> bad in this case? I'm just wondering cause some people have mentioned
> that it's a major security risk. Really, I don't think it is for what
> this box is doing.

It's obviously a much bigger security risk on a multiuser machine, but even without that being the case, I'm assuming the machine will be providing some sort of network service? Then it can still be a risk worth taking into account. One or more network services may be making use of /tmp, and if so an unauthenticated external user could plausibly find ways to make those services max out their usage of /tmp, possibly filling your root partition in the process.

Even without worrying at all about malicious intent, /tmp on / makes it very easy to *accidentally* fill your root partition, but it'll still be a pain for you to have to deal with it if that happens.

More seriously, a vulnerability could be found in one of those services that could depend on files in /tmp being executable (which should never be true). With a separate /tmp partition, you can easily have it mounted with the noexec option for an added layer of security, so that even if they create a malicious executable in /tmp, they won't be able to execute it without moving it to another file system, which would probably require they already have shell access, defeating the purpose.

Tom
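
Added example, not part of Tom's message: a small sh check that reads an fstab(5) file and reports whether /tmp has its own entry and whether that entry carries the noexec option discussed above. The function name, its status codes and the sample fstab contents are constructed for illustration.

```sh
#!/bin/sh
# Exit status of check_tmp_fstab FILE (hypothetical helper):
#   0  /tmp is its own filesystem and is mounted noexec
#   1  /tmp is its own filesystem but noexec is missing
#   2  no /tmp entry: /tmp lives on / and shares its free space
check_tmp_fstab() {
    awk '
        /^[[:space:]]*#/ || NF < 4 { next }   # skip comments and short lines
        $2 == "/tmp" {
            found = 1
            n = split($4, opts, ",")          # options are comma-separated
            for (i = 1; i <= n; i++)
                if (opts[i] == "noexec") noexec = 1
        }
        END {
            if (!found) exit 2
            exit (noexec ? 0 : 1)
        }
    ' "$1"
}

# Constructed sample fstab files (device names are placeholders).
demo_dir=$(mktemp -d)
cat > "$demo_dir/shared" <<'EOF'
# Device        Mountpoint  FStype  Options     Dump  Pass#
/dev/ad0s1a     /           ufs     rw          1     1
/dev/ad0s1b     none        swap    sw          0     0
EOF
cat > "$demo_dir/separate" <<'EOF'
/dev/ad0s1a     /           ufs     rw          1     1
/dev/ad0s1e     /tmp        ufs     rw          2     2
EOF
cat > "$demo_dir/hardened" <<'EOF'
/dev/ad0s1a     /           ufs     rw          1     1
/dev/ad0s1e     /tmp        ufs     rw,noexec   2     2
EOF
for f in shared separate hardened; do
    rc=0; check_tmp_fstab "$demo_dir/$f" || rc=$?
    echo "$f: status $rc"
done
rm -rf "$demo_dir"
```

The check reads the configured options only; the live mount table shown by mount(8) is what confirms the option is in effect on a running system.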