pam_tmpdir, etc
Tollef Fog Heen
tfheen at raw.no
Fri Oct 29 03:15:11 CDT 2004
* Martin Pool
| > I think it would be a great thing to try out in Hoary, to do something
| > proactive about insecure temporary files. pam_tmpdir is only one of the
| > available pre-existing solutions, and there are also various ways that we
| > could tackle this on our own.
|
| There are a lot of other possibilities, some of which are discussed on
| the d-d thread. In the long term I think I would like to eliminate
| the world-writable /tmp altogether, though that would probably break
| too many scripts.
I don't think you can do that and still stay POSIX, unfortunately.
| > One of the shortcomings of pam_tmpdir is that it won't have any effect on
| > programs which don't honor TMPDIR. Yes, those programs are arguably buggy,
| > but programs with temporary file vulnerabilities were already buggy. :-)
|
| Yes, that's true. It may be a smaller number of programs though, and
| to some extent this is a numbers game.
Grepping for /tmp in .h and .c files is a start; of course, you have
to go through this by hand (since a lot will fall back to using /tmp
if getenv("TMPDIR") doesn't return anything useful (but then, they
should be using mkstemp or tmpfile)). Shell, python, perl scripts
will also have to be looked at, of course.
| (Ask yourself: what would djb do? :-)
I don't think doing what djb would do would make much sense.
--
Tollef Fog Heen ,''`.
UNIX is user friendly, it's just picky about who its friends are : :' :
`. `'
`-
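
Added example, not part of the original message or of any project discussed in it: a C sketch of the pattern the reply refers to, honoring TMPDIR, falling back to /tmp, and creating the file with mkstemp. The helper names `tmp_base` and `open_private_tmp` are hypothetical.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Pick the temp directory: $TMPDIR when it is an absolute path to an
 * existing directory, otherwise fall back to /tmp. */
static const char *tmp_base(void)
{
    const char *d = getenv("TMPDIR");
    struct stat st;

    if (d && d[0] == '/' && stat(d, &st) == 0 && S_ISDIR(st.st_mode))
        return d;
    return "/tmp";
}

/* Hypothetical helper: create a private temp file under tmp_base().
 * mkstemp() picks an unpredictable name and opens it exclusively with
 * mode 0600, so a file or symlink someone pre-created is never opened.
 * Returns an open fd and fills `path`, or returns -1 with errno set. */
int open_private_tmp(const char *prefix, char *path, size_t len)
{
    int n = snprintf(path, len, "%s/%s.XXXXXX", tmp_base(), prefix);

    if (n < 0 || (size_t)n >= len) {
        errno = ENAMETOOLONG;   /* template did not fit in the buffer */
        return -1;
    }
    return mkstemp(path);
}

int main(void)
{
    char path[PATH_MAX];
    int fd = open_private_tmp("demo", path, sizeof path);

    if (fd < 0) { perror("open_private_tmp"); return 1; }
    printf("created %s\n", path);
    close(fd);
    unlink(path);               /* clean up the demo file */
    return 0;
}
```

With pam_tmpdir in place, TMPDIR points at a per-user directory, so code written this way lands there without further changes; code that hardcodes /tmp does not.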