
Where should users have their temp files?



There are some nasty attacks with links and symlinks in temp directories
(see bugtraq for an extended list).  Some programs solve this by
putting temp files in home directories.  This is clearly suboptimal
(networked home directory, quotas, ...).  /tmp and /var/tmp are there
for a good reason.

One possible solution would be to give each user a personal
/var/tmp/<username>, mode 700, and have as many functions (mktemp, ...)
return a string to there.

Loss: a few inodes.
Gain: fewer security holes.

Comments?
-- 
Thomas Koenig, Thomas.Koenig@ciw.uni-karlsruhe.de, ig25@dkauni2.bitnet.
The joy of engineering is to find a straight line on a double
logarithmic diagram.
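
The proposal above, sketched in C as an added example that is not part of the original message: a per-user directory is created with mode 0700 and checked before a temp file is created in it. The names `private_tmpdir` and `private_tmpfile` are hypothetical, and the base directory is passed in (`/var/tmp` in the proposal, a scratch directory in `main`).

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: make sure <base>/<user> is a directory we own with
 * mode 0700. Writes the path to out; returns 0 if usable, -1 otherwise. */
int private_tmpdir(const char *base, const char *user, char *out, size_t len)
{
    struct stat st;
    /* The name must be a single path component. */
    if (!*user || user[0] == '.' || strchr(user, '/')) return -1;
    int n = snprintf(out, len, "%s/%s", base, user);
    if (n < 0 || (size_t)n >= len) return -1;
    /* An entry that already exists is inspected below, never trusted. */
    if (mkdir(out, 0700) != 0 && errno != EEXIST) return -1;
    /* O_NOFOLLOW refuses a symlink planted at this name; fstat() then
     * examines the object that was actually opened. */
    int fd = open(out, O_RDONLY | O_DIRECTORY | O_NOFOLLOW);
    if (fd < 0) return -1;
    int ok = fstat(fd, &st) == 0 && S_ISDIR(st.st_mode)
          && st.st_uid == geteuid()     /* owned by the caller */
          && (st.st_mode & 077) == 0;   /* no group/other access */
    close(fd);
    return ok ? 0 : -1;
}

/* Create a temp file inside the private directory. Returns an open fd and
 * leaves the file name in path, or returns -1. */
int private_tmpfile(const char *base, const char *user, char *path, size_t len)
{
    char dir[4096];
    if (private_tmpdir(base, user, dir, sizeof dir) != 0) return -1;
    int n = snprintf(path, len, "%s/tmpXXXXXX", dir);
    if (n < 0 || (size_t)n >= len) return -1;
    return mkstemp(path);               /* created with O_EXCL, mode 0600 */
}

int main(void)
{
    char base[] = "/tmp/ptmp-demo-XXXXXX", path[4200]; /* constructed scratch base */
    if (!mkdtemp(base)) return 1;
    int fd = private_tmpfile(base, "alice", path, sizeof path);
    if (fd >= 0) printf("%s\n", path);
    return fd < 0;
}
```

An existing entry under the user's name is accepted only if it is a real directory, owned by the caller, with no group or other permission bits; a symlink or a looser mode causes the call to fail rather than fall back.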

