
Re: [PATCH] set sticky bit when creating /var/tmp mount-point



On Tue, Nov 13, 2001 at 04:20:36AM -0900, Ethan Benson wrote:
> On Tue, Nov 13, 2001 at 12:02:18PM +0100, Kjetil Torgrim Homme wrote:
> > Ethan Benson <erbenson@alaska.net> writes:
> > > what good will this do?  the permissions of the mount point
> > > directory are irrelevant as they will be replaced by the permissions
> > > of the root directory of the mounted filesystem.
> > 
> > It enables the use of vi for non-root users even when /var/tmp isn't
> > mounted ... uh ...

And many other things too!  Bash, for instance, uses TMPDIR for 'here
documents'.

> and why would that happen?  from a security point of view i think the
> directory under mountpoints like tmp should not be world writable, if
> the admin has a different filesystem/partition mounted there he
> probably did so to keep users from gaining write permission to the
> underlying filesystem (esp in the case of /). 

It might happen because the admin temporarily un-mounted /var/tmp to
alter its size.  Or perhaps the filesystem was damaged and the admin
decided to bring the system up without mounting it before trying to
recover the data.  Maybe we simply one day decide we don't need /var/tmp
separate from /var.

Differing permissions on a filesystem and its mountpoint - in the absence
of admin intervention - violate the principle of least surprise for
most mount-points (obvious exceptions are /mnt, /cdrom and /floppy).
The inconsistency with /tmp is itself surprising.

If I want to stop users writing into the /tmp and /var/tmp mountpoint
directories when nothing is mounted on them, then I change the
directory permissions in a deliberate act.  However, since the system
will not automatically boot into multi-user mode without mounting all
the filesystems in fstab, I need not fear the mountpoints being exposed
without administrative fiat.

Regards,

Mark.


