From owner-freebsd-security  Mon Feb 25  5:11: 0 2002
Delivered-To: freebsd-security@freebsd.org
Received: from smtp1.oskarmobil.cz (smtp1.oskarmobil.cz [217.77.161.133])
	by hub.freebsd.org (Postfix) with ESMTP id 2142237B417
	for <freebsd-security@FreeBSD.ORG>; Mon, 25 Feb 2002 05:10:54 -0800 (PST)
Received: from wh01ex01.ceskymobil.cz (wh01ex01.oskarmobil.cz [172.20.116.17])
	by smtp1.oskarmobil.cz (8.11.2/8.11.1) with ESMTP id g1PD4Lg86659;
	Mon, 25 Feb 2002 14:04:21 +0100 (CET)
	(envelope-from Milon.Papezik@oskarmobil.cz)
Received: by wh01ex01.oskarmobil.cz with Internet Mail Service (5.5.2653.19)
	id <FJYTTRB7>; Mon, 25 Feb 2002 14:07:37 +0100
Message-ID: <B57AF59C8ABFD411BBE000508BF300F303B7063D@wh01ex01.oskarmobil.cz>
From: =?iso-8859-1?Q?Milon_Papez=EDk?= <Milon.Papezik@oskarmobil.cz>
To: "'Kris Kennaway'" <kris@obsecurity.org>,
	"Scot W. Hetzel" <hetzels@westbend.net>
Cc: "'freebsd-security@freebsd.org'" <freebsd-security@FreeBSD.ORG>
Subject: RE: RE: Third /tmp location ?
Date: Mon, 25 Feb 2002 14:07:31 +0100
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

OK, in such case the /usr/tmp/shloud does not need and should not be
world writable (i.e. mode only 01700 instead of 01777).

	Thanks,
	Milon
--
milon.papezik@oskarmobil.cz


-----Original Message-----
From: Kris Kennaway [mailto:kris@obsecurity.org]
Sent: Sunday, February 24, 2002 1:17 AM
To: Scot W. Hetzel
Cc: Kris Kennaway; Milon Papez=EDk; 'Matthew Dillon';
'freebsd-security@freebsd.org'
Subject: Re: RE: Third /tmp location ?


On Sat, Feb 23, 2002 at 02:48:52PM -0600, Scot W. Hetzel wrote:
> From: "Kris Kennaway" <kris@obsecurity.org>
>=20
> How about patching find_play_pen to set a variable to say that =
/usr/tmp
was
> created by the pkg_install tools and then when the pkg_install tools =
call
> leave_playpen, /usr/tmp is removed only if the variable is set.

That might be the best idea.

> attached is a untested patch for pen.c.

It's best to include patches directly so they can be read inline, but
thanks..I'll try and take a look at it.

Kris

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message