From owner-freebsd-security  Thu Jan  9 22:59:34 1997
Return-Path: <owner-security>
Received: (from root@localhost)
          by freefall.freebsd.org (8.8.4/8.8.4) id WAA23718
          for security-outgoing; Thu, 9 Jan 1997 22:59:34 -0800 (PST)
Received: from pdx1.world.net (pdx1.world.net [192.243.32.18])
          by freefall.freebsd.org (8.8.4/8.8.4) with ESMTP id WAA23709
          for <security@freebsd.org>; Thu, 9 Jan 1997 22:59:31 -0800 (PST)
From: proff@suburbia.net
Received: from suburbia.net (suburbia.net [203.4.184.1]) by pdx1.world.net (8.7.5/8.7.3) with SMTP id XAA02479 for <security@freebsd.org>; Thu, 9 Jan 1997 23:00:31 -0800 (PST)
Received: (qmail 10485 invoked by uid 110); 10 Jan 1997 06:59:21 -0000
Message-ID: <19970110065921.10484.qmail@suburbia.net>
Subject: Re: Obvious fix for tempfile race conditions?
In-Reply-To: <Pine.BSF.3.95.970109214858.1613A-100000@bitbucket.edmweb.com> from Steve Reid at "Jan 9, 97 10:06:54 pm"
To: steve@edmweb.com (Steve Reid)
Date: Fri, 10 Jan 1997 17:59:21 +1100 (EST)
Cc: security@freebsd.org
X-Mailer: ELM [version 2.4ME+ PL28 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

> I'd bet there are other, less obvious problems in other programs. 
> 
> Disabling symlinks in /tmp would greatly reduce a cracker's options. 
> 
> 

This is the wrong philosophical approach. Instead of bludgenoning
the file-system, make it work for you. Create per-user temp
directories.

awk </etc/passwd -F: '{system("mkdir -m 1700 /tmp/"$1" ; chown "$1" /tmp/"$1);}'

Most programs will obey one of TMP, TEMPDIR, TMP or their own configuration
file.

-Julian <proff@iq.org>