Date:      Fri, 10 Jan 1997 17:59:21 +1100 (EST)
From:      proff@suburbia.net
To:        steve@edmweb.com (Steve Reid)
Cc:        security@freebsd.org
Subject:   Re: Obvious fix for tempfile race conditions?
Message-ID:  <19970110065921.10484.qmail@suburbia.net>
In-Reply-To: <Pine.BSF.3.95.970109214858.1613A-100000@bitbucket.edmweb.com> from Steve Reid at "Jan 9, 97 10:06:54 pm"

> I'd bet there are other, less obvious problems in other programs. 
> 
> Disabling symlinks in /tmp would greatly reduce a cracker's options. 
> 
> 

This is the wrong philosophical approach. Instead of bludgeoning
the file-system, make it work for you. Create per-user temp
directories.

awk </etc/passwd -F: '{system("mkdir -m 1700 /tmp/"$1" ; chown "$1" /tmp/"$1);}'

Most programs will obey one of TMP, TEMPDIR, TMP or their own configuration
file.

-Julian <proff@iq.org>
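
Added example, not part of the original message or of FreeBSD: the per-user directory idea as a shell function that validates each account name, relies on mkdir failing when the path already exists (a planted symlink included), and never follows a symlink when changing ownership. The function names and return codes are assumptions made for this example.

```shell
#!/bin/sh
# Added example; make_user_tmp and make_all are hypothetical names.

# make_user_tmp BASE NAME OWNER
# Creates BASE/NAME with mode 0700, owned by OWNER.
# Returns 0 created, 2 name rejected, 3 path already exists, 4 chown/verify failed.
make_user_tmp() {
    base=$1 name=$2 owner=$3
    # Accept only plain account names: no '/', no leading '.' or '-',
    # no spaces or shell metacharacters (the name ends up in a path).
    case $name in
        ''|.*|-*|*[!A-Za-z0-9._-]*) return 2 ;;
    esac
    dir=$base/$name
    # mkdir without -p is atomic and fails if anything, including a
    # symlink planted by another user, already has that name.
    ( umask 077 && mkdir -m 700 -- "$dir" ) 2>/dev/null || return 3
    # -h acts on the entry itself and never follows a symlink. In a sticky
    # BASE the new entry belongs to the caller, so others cannot swap it.
    chown -h -- "$owner" "$dir" 2>/dev/null || { rmdir -- "$dir"; return 4; }
    # Confirm the result is a real directory, not a link.
    [ -d "$dir" ] && [ ! -L "$dir" ] || return 4
    return 0
}

# make_all PASSWD_FILE BASE
# One directory per account in a passwd-format file; reports skipped names.
# Usage as root on a real system would be: make_all /etc/passwd /tmp
make_all() {
    while IFS=: read -r name pw uid rest; do
        make_user_tmp "$2" "$name" "$uid" ||
            echo "skipped: $name (rc=$?)" >&2
    done < "$1"
}
```

A return code of 3 for an account means something already occupied that name under the base directory and deserves a look before it is removed by hand.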


