From owner-freebsd-security Sat Apr 21 0:13:19 2001
Delivered-To: freebsd-security@freebsd.org
Message-ID: <000701c0ca33$5d05fbf0$bf960340@skinflutei32jg>
From: "Jason DiCioccio"
Subject: Fw: Linux patches to solve /tmp race problem
Date: Sat, 21 Apr 2001 00:19:11 -0700
Sender: owner-freebsd-security@FreeBSD.ORG

This looks pretty neat.. kind of strange, but neat nonetheless :-).. Any
comments on whether it should go to the wishlist or straight to the trash? :)
(I think it would be a nice sysctl tweak myself)

> From: matthew@DATADELIVERANCE.COM
> Hi all,
>
> I have recently developed some patches to the Linux 2.2 kernels which solve
> the /tmp race problem without needing to define environment variables -
> useful particularly for naive applications and scripts which don't use
> TMPDIR and friends.
>
> The patch creates "dynamic" symlinks, which point to different paths
> depending on the user accessing them (for example, including the UID in the
> path name). Such a link can be placed instead of /tmp and/or /var/tmp, and
> any other similar directories. More usefully, these links can be configured
> to automatically create the directory they refer to if it does not exist.
>
> This means you can create a directory such as /tmp_files, for example, and
> have the /tmp link automatically create user directories in it on demand.
> Default permissions and ownership can be specified.
>
> The patches are available from http://www.datadeliverance.com in the Linux
> Patches section, along with a full discussion of the issues involved. Your
> comments on the scheme are invited.
>
> Cheers
>
> -Matthew
>
> --
> Matthew Donaldson, Data Deliverance Pty. Ltd.
> http://www.datadeliverance.com
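
A user-space sketch of the per-UID directory scheme the forwarded message describes (UID in the path name, created on demand, fixed permissions), added here as an example; it is not the kernel patch and not code from either poster. The function name `user_tmpdir` and the `/tmp/tmp_files.XXXXXX` base are assumptions made for the illustration.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: build "<base>/<uid>", create it on demand, and refuse
 * it unless it is a real directory (not a symlink) owned by uid with no
 * group/other access. Returns 0 on success, -1 on failure (errno set). */
int user_tmpdir(const char *base, uid_t uid, char *out, size_t outlen)
{
    struct stat st;
    int n = snprintf(out, outlen, "%s/%lu", base, (unsigned long)uid);
    if (n < 0 || (size_t)n >= outlen) { errno = ENAMETOOLONG; return -1; }

    /* mkdir() does not follow a symlink in the final component: if another
     * user planted a link at this name first, it fails with EEXIST. */
    if (mkdir(out, 0700) != 0 && errno != EEXIST)
        return -1;

    /* lstat(), not stat(): a pre-planted symlink must be seen as a link. */
    if (lstat(out, &st) != 0)
        return -1;
    if (!S_ISDIR(st.st_mode))             { errno = ENOTDIR; return -1; }
    if (st.st_uid != uid)                 { errno = EPERM;   return -1; }
    if (st.st_mode & (S_IRWXG | S_IRWXO)) { errno = EACCES;  return -1; }
    return 0;
}

int main(void)
{
    char base[] = "/tmp/tmp_files.XXXXXX"; /* constructed stand-in for /tmp_files */
    char path[256];
    if (!mkdtemp(base) || user_tmpdir(base, geteuid(), path, sizeof path) != 0) {
        perror("user_tmpdir");
        return 1;
    }
    printf("private temp directory: %s\n", path);
    return 0;
}
```

The ownership and mode checks only hold over time if other users cannot rename or delete entries in the base directory, so the base should be root-owned or carry the sticky bit.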