Date:      Tue, 24 Aug 1999 12:48:53 -0700 (PDT)
From:      "Rodney W. Grimes" <freebsd@gndrsh.dnsmgr.net>
To:        jhay@mikom.csir.co.za (John Hay)
Cc:        jhay@FreeBSD.org (John Hay), cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject:   Re: cvs commit: src/usr.sbin/IPXrouted IPXrouted.8 main.c
Message-ID:  <199908241948.MAA40375@gndrsh.dnsmgr.net>
In-Reply-To: <199908241815.UAA17210@zibbi.mikom.csir.co.za> from John Hay at "Aug 24, 1999 08:15:19 pm"

> > > jhay        1999/08/24 06:15:41 PDT
> > > 
> > >   Modified files:
> > >     usr.sbin/IPXrouted   IPXrouted.8 main.c 
> > >   Log:
> > >   Move ipxrouted.dmp from /tmp to /var/log to make it more difficult to
> > > hijack.
> > 
> > Please make this consistent with all other ``dump on signal'' daemons,
> > which typically dump in /var/tmp.   Ones that come to mind are
> > named/bind and gated, I am sure there are others.
> 
> Well /var/tmp/ is also a directory where everyone has write access,
> so the symlink trick described in PR: 13286 will work there also. Or
> is it not considered a big enough problem? (Tricking root into sending
> a signal to some daemon to overwrite a symlinked file.) If not, I'll
> happily put it in /var/tmp/.

The exploit applies to all the tools I mentioned, or at least it
_could_; it depends on whether the program does an unlink first, and even
then you could have a race condition.

> > 
> > /var/log is not a DUMP directory.  It should not be used for dumps
> > of program internal data.  
> > 
> > Or perhaps for security reasons it is time to consider a mode 700
> > /var/dump directory?  Also perhaps time to add a paths.h entry for
> > this?
> 
> Well I don't think the data in the ipxrouted.dmp file is sensitive,
> I just don't want to be symlinked into overwriting other precious
> data.
> 
> Hmmm. What about using /var/run/ for it?

Have you read man 7 hier?  I can't find a place this stuff should
really go that would protect it from the symlink exploit, that is
why I proposed a new directory for it.  

              run/       system information files describing various info
                         about system since it was booted



-- 
Rod Grimes - KD7CAX - (RWG25)                    rgrimes@gndrsh.dnsmgr.net
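
An added example, not part of the original message and not code from IPXrouted: it contrasts a dump opened the way `fopen(path, "w")` would with the "unlink first" approach mentioned above, closing the remaining race with `O_EXCL`. The function names and the `/tmp/dumpdemo.*` scratch directory are hypothetical, and the symlink is constructed by the demo itself.

```c
#define _XOPEN_SOURCE 700   /* mkdtemp, symlink, O_NOFOLLOW */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Equivalent of fopen(path, "w") in a dump-on-signal handler: the open
 * follows a symlink planted at path and truncates whatever it points to. */
int open_dump_naive(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0644);
}

/* Unlink first, then create with O_EXCL: a link re-planted between
 * unlink() and open() makes open() fail with EEXIST instead of following. */
int open_dump_safe(const char *path)
{
    for (int tries = 0; tries < 3; tries++) {
        if (unlink(path) == -1 && errno != ENOENT)
            return -1;
        int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
        if (fd != -1 || errno != EEXIST)
            return fd;
    }
    return -1;              /* the name keeps reappearing: give up */
}

/* Constructed scenario: ipxrouted.dmp is a symlink to "precious" (14 bytes).
 * Write a 5-byte dump via the chosen opener; return the size of "precious". */
long victim_size_after_dump(int safe)
{
    char dir[] = "/tmp/dumpdemo.XXXXXX", victim[64], dump[64];
    struct stat st;
    if (mkdtemp(dir) == NULL) return -1;
    snprintf(victim, sizeof victim, "%s/precious", dir);
    snprintf(dump, sizeof dump, "%s/ipxrouted.dmp", dir);
    int fd = open(victim, O_WRONLY | O_CREAT, 0600);
    if (fd == -1 || write(fd, "precious data\n", 14) != 14) return -1;
    close(fd);
    if (symlink(victim, dump) == -1) return -1;
    fd = safe ? open_dump_safe(dump) : open_dump_naive(dump);
    if (fd == -1 || write(fd, "dump\n", 5) != 5) return -1;
    close(fd);
    if (stat(victim, &st) == -1) return -1;
    unlink(dump); unlink(victim); rmdir(dir);
    return (long)st.st_size;
}
```

In a directory that only root can write, such as the mode 700 directory proposed above, no other user can plant the link in the first place.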

