From owner-freebsd-security Wed Jun 7 6:13:40 2000 Delivered-To: freebsd-security@freebsd.org Received: from point.osg.gov.bc.ca (point.osg.gov.bc.ca [142.32.102.44]) by hub.freebsd.org (Postfix) with ESMTP id 8471A37BC73 for ; Wed, 7 Jun 2000 06:13:36 -0700 (PDT) (envelope-from Cy.Schubert@uumail.gov.bc.ca) Received: (from daemon@localhost) by point.osg.gov.bc.ca (8.8.7/8.8.8) id GAA22732; Wed, 7 Jun 2000 06:12:27 -0700 Received: from passer.osg.gov.bc.ca(142.32.110.29) via SMTP by point.osg.gov.bc.ca, id smtpda22730; Wed Jun 7 06:12:17 2000 Received: (from uucp@localhost) by passer.osg.gov.bc.ca (8.9.3/8.9.1) id GAA78241; Wed, 7 Jun 2000 06:12:16 -0700 (PDT) Received: from cwsys9.cwsent.com(10.2.2.1), claiming to be "cwsys.cwsent.com" via SMTP by passer9.cwsent.com, id smtpdp78239; Wed Jun 7 06:11:54 2000 Received: (from uucp@localhost) by cwsys.cwsent.com (8.10.1/8.9.1) id e57DBsW08744; Wed, 7 Jun 2000 06:11:54 -0700 (PDT) Message-Id: <200006071311.e57DBsW08744@cwsys.cwsent.com> Received: from localhost.cwsent.com(127.0.0.1), claiming to be "cwsys" via SMTP by localhost.cwsent.com, id smtpdzl8739; Wed Jun 7 06:11:10 2000 X-Mailer: exmh version 2.1.1 10/15/1999 Reply-To: Cy Schubert - ITSD Open Systems Group From: Cy Schubert - ITSD Open Systems Group X-OS: FreeBSD 4.0-STABLE X-Sender: cy To: netch@lucky.net Cc: Matthew Dillon , freebsd-security@FreeBSD.ORG Subject: Re: FreeBSDDEATH.c.txt (mmap dirty page no check bug) In-reply-to: Your message of "Wed, 07 Jun 2000 14:44:21 +0300." <20000607144421.A82711@lucky.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Wed, 07 Jun 2000 06:11:09 -0700 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org n message <20000607144421.A82711@lucky.net>, Valentin Nechayev writes: > Tue, Jun 06, 2000 at 23:55:03, dillon wrote about "Re: FreeBSDDEATH.c.txt (m > map dirty page no check bug)": > > > Maybe on your system it is, but try running a multi-user system that > > way and you will quickly find your /var/tmp filled up to the brim. Or, > > Of course, of course. > It is general problem of any public-accessable resource. > Do you think you can really fix this world? Or do you try to emit /tmp > as philosophical category? Agreed. That's why the whole concept of /tmp and /var/tmp is flawed. In my original reply in this thread I tried to take a broad as view and conciliatory view as possible to satisfy all points of view and hopefully have people consider (gently nudge) the idea of the more secure approach of no /tmp as an option. My orignal tactic obviously did not work I am now showing my true colours by insisting (like everyone else does) that /tmp and /var/tmp as we know them be retired, to be replaced by a paradigm that is more secure. Any less is invitation for disaster! Replacement candidates for /tmp and /var/tmp are: 1. Each user has a subdirectory in /tmp as /tmp/$USER. An idea brought forth to BUGTRAQ by Theo de Raadt of the OpenBSD project. 2. Each user maintains their own /tmp as $HOME/tmp or some such thing. An idea I had discussed with my co-workers a number of years ago. > > > MFS is a terrible idea for /tmp. Each page in an MFS filesystem eats > > *TWO* pages of physical memory (until swapped). This means that the > > It is problem of one broken realization, isn't it? Compaq back when they were Digital and Sun both claim that their MFS and TMPFS, respectively, are faster than disk. Agreed, the FreeBSD MFS implementation is very much broken. I'm not sure whether md pseudo-devices are stable enough production yet. Anyone on this list with good or bad experience with the new md pseudo-devices? Regards, Phone: (250)387-8437 Cy Schubert Fax: (250)387-5766 Team Leader, Sun/DEC Team Internet: Cy.Schubert@osg.gov.bc.ca Open Systems Group, ITSD, ISTA Province of BC I To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message