The debian-private mailing list leak, part 1.


Re: /tmp usage and security



On Thu, 9 Oct 1997, Andrea Mennucci wrote:

> I think that there is no easy patch to these situations;
> here are a few proposals for developers
> 
> 1) Before a program creates a file in /tmp, 
>    it checks if there is already one with the same name, and unlinks it
>    or it changes the chosen name for the file
> 2) All temporary files that are created should be of the form
>    name.$$.$rand
>    where $$ is the pid number and $rand is a random string of 8 characters;

I think that the correct solution is to prohibit scripts from using /tmp. They
should have their own dir under /var/*, and have that owned by the runner of the
script. It is sometimes not a good solution, I know. Another solution is
to create a directory under /tmp and use temporary scripts there. I recall that
it had been talked about on bugtraq, and there are other precautions that
should be taken, which I forgot.

> 
> BTW
> a function in libc6 may be added, like this:
>  char *good_temp_filename(char *name)
> this function, given a name, builds a good filename for a file in /tmp/
>  using name as a prefix
> A command in /usr/bin may be created to perform the same trick for shell
> scripts.

It is not a solution either. There is a race condition involved as well.
For C programs there is the mkstemp(3) call, which gives a _file_descriptor_.
Providing a program which does something like what you have proposed, but
in a really safe way (creating a directory, checking it, and establishing a
file in it), seems to be a good solution.

> 
> 3) at boot time, right after the
>  rm -rf /tmp/
> a script creates all directories like 
>  /tmp/.users/USER 
> where  USER are all the usernames in /etc/passwd,
> with ownership to USER and mode 
>  chmod og-rwx

It is equivalent to having temp dirs for every user in their home.

> 
> good_temp_filename() checks if /tmp/.users/USER exists;
> otherwise it tries to give a name that is not used.
> Programs that use this function would be safer.
> 
> I understand that doing this may be problematic; it involves 
> asking all developers/maintainers to review their code;
> but I see no easy solution to this problem.

Neither do I.

---
GNU GPL: only from a clean source
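
The race condition raised in the reply above, next to the mkstemp(3) and private-directory approach it recommends, as an added example (not code from the original messages). All paths and names are constructed, and the `other_user()` hook is a hypothetical stand-in for a second local user acting between the check and the create; everything runs inside a scratch directory.

```c
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

static char victim[64], name[64];  /* constructed paths inside a scratch dir */
/* Stand-in for another local user acting inside the race window. */
static void other_user(void) { if (symlink(victim, name)) perror("symlink"); }

/* Proposal 1: look for the name, unlink it, then create it. */
int check_then_create(const char *path, void (*window)(void)) {
    struct stat st;
    if (lstat(path, &st) == 0) unlink(path);
    if (window) window();               /* gap between the check and the use */
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);  /* follows symlinks */
}

/* Atomic create: fails with EEXIST if the name exists, even as a symlink. */
int exclusive_create(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

/* out[0], out[1]: victim size after racy / exclusive create; out[2]: mkstemp ok */
int run_demo(long out[3]) {
    char dir[] = "/tmp/tmpdemo.XXXXXX", tmpl[64];
    struct stat st;
    if (!mkdtemp(dir)) return -1;       /* private 0700 directory under /tmp */
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(name, sizeof name, "%s/prog.1234", dir);       /* predictable name */
    for (int i = 0; i < 2; i++) {
        FILE *f = fopen(victim, "w");
        if (!f || fputs("important", f) < 0 || fclose(f)) return -1;
        if (i) other_user();            /* name already planted before the create */
        int fd = i ? exclusive_create(name) : check_then_create(name, other_user);
        if (fd >= 0) close(fd);
        out[i] = stat(victim, &st) ? -1 : (long)st.st_size;
        unlink(name);
    }
    snprintf(tmpl, sizeof tmpl, "%s/prog.XXXXXX", dir);
    int fd = mkstemp(tmpl);             /* name is chosen and created in one step */
    out[2] = fd >= 0 && !fstat(fd, &st) && S_ISREG(st.st_mode) && (st.st_mode & 0777) == 0600;
    if (fd >= 0) close(fd);
    unlink(tmpl); unlink(victim); rmdir(dir);
    return 0;
}
int main(void) {
    long r[3];
    return run_demo(r) ? 1 : printf("racy=%ld excl=%ld mkstemp_ok=%ld\n", r[0], r[1], r[2]) < 0;
}
```

With check-then-create, the other file ends up truncated to 0 bytes. With `O_EXCL`, the open is refused and the file keeps its 9 bytes.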

