Date: Tue, 24 Dec 1996 18:05:24 +1100 (EST) From: proff@suburbia.net To: marcs@znep.com (Marc Slemko) Cc: freebsd-security@freebsd.org Subject: Re: Holes in default cron jobs (fwd) Message-ID: <19961224070524.29962.qmail@suburbia.net> In-Reply-To: <Pine.BSF.3.95.961223224443.19477F-100000@alive.ampr.ab.ca> from Marc Slemko at "Dec 23, 96 11:01:35 pm"
next in thread | previous in thread | raw e-mail | index | archive | help
> NOTE: anyone running a -stable system should apply something resembling
> the patch included below. While some kind soul (hint, hint) may commit
> the below change to -stable, it won't have too much effect since few
> people reinstall /etc. Anyone running -current should check to be sure
> their /etc/security is an updated one.
>
> On Mon, 23 Dec 1996, Steve Reid wrote:
>
> > The only problem they mention in FreeBSD is in /etc/security. Rather than
> > use the OpenBSD /etc/security, I've copied the tmp file change into
> > FreeBSD's /etc/security.
>
> It is generally better to append a context diff (diff -u; or my
> preffered format, -c) instead of the file; regardless of how short it
> is, it makes it easier to see what has changed.
>
> >
> > I'm running 2.1.6.1-RELEASE, but the machine was originally a
> > 2.1.0-RELEASE... Has the /etc/security been updated since then?
My solution to the /tmp/foo problem is:
for n in `awk -F: </etc/passwd '{print $1}'`
do
mkdir -p -m 700 /var/tmps/$n
chown $n /var/tmps/$n
done
add to the start of /etc/rc:
TMPDIR=/var/tmps/root;export TMPDIR
you may need to modify non-root sub-system
startup scripts accordingly.
add to /etc/profile (and csh.cshrc):
TMPDIR=/var/tmps/$USER; export TMPDIR
change all uses of /tmp to $TMPDIR
-Julian Assange (proff@suburbia.net)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19961224070524.29962.qmail>