From owner-cvs-all  Tue Aug 24 11:17:40 1999
Delivered-To: cvs-all@freebsd.org
Received: from zibbi.mikom.csir.co.za (zibbi.mikom.csir.co.za [146.64.24.58])
	by hub.freebsd.org (Postfix) with ESMTP
	id A8BB114A2F; Tue, 24 Aug 1999 11:17:21 -0700 (PDT)
	(envelope-from jhay@zibbi.mikom.csir.co.za)
Received: (from jhay@localhost)
	by zibbi.mikom.csir.co.za (8.9.3/8.9.3) id UAA17210;
	Tue, 24 Aug 1999 20:15:19 +0200 (SAT)
	(envelope-from jhay)
From: John Hay <jhay@mikom.csir.co.za>
Message-Id: <199908241815.UAA17210@zibbi.mikom.csir.co.za>
Subject: Re: cvs commit: src/usr.sbin/IPXrouted IPXrouted.8 main.c
In-Reply-To: <199908241755.KAA38905@gndrsh.dnsmgr.net> from "Rodney W. Grimes" at "Aug 24, 1999 10:55:34 am"
To: freebsd@gndrsh.dnsmgr.net (Rodney W. Grimes)
Date: Tue, 24 Aug 1999 20:15:19 +0200 (SAT)
Cc: jhay@FreeBSD.org (John Hay), cvs-committers@FreeBSD.org,
	cvs-all@FreeBSD.org
X-Mailer: ELM [version 2.4ME+ PL54 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-cvs-all@FreeBSD.ORG
Precedence: bulk

> > jhay        1999/08/24 06:15:41 PDT
> > 
> >   Modified files:
> >     usr.sbin/IPXrouted   IPXrouted.8 main.c 
> >   Log:
> >   Move ipxrouted.dmp from /tmp to /var/log to make it more difficult to
> > hijack.
> 
> Please make this consistent with all other ``dump on signal'' daemons,
> which typeically dump in /var/tmp.   Ones that come to mind are
> named/bind and gated, I am sure there are others.

Well /var/tmp/ is also a directory where everyone have write access,
so the symlink trick described in PR: 13286 will work there also. Or
is it not considered a big enough problem? (Tricking root into sending
a signal to some daemon to overwrite a symlinked file.) If not, I'll
happily put it in /var/tmp/.

> 
> /var/log is not a DUMP directory.  It should not be used for dumps
> of program internal data.  
> 
> Or perhaps for security reasons it is time to consider a mode 700
> /var/dump directory?  Also perhaps time to add a paths.h entry for
> this?

Well I don't think the data in the ipxrouted.dmp file is sensitive,
I just don't want to be symlinked into overwriting other precious
data.

Hmmm. What about using /var/run/ for it?

John
-- 
John Hay -- John.Hay@mikom.csir.co.za


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message