Re: Uploaded tmpreaper 1.4.8 (source i386) to master



On Tue 15 Sep 1998, Joey Hess wrote:
> Paul Slootman wrote:
> > > >    * Changed priority to extra, as you really only need this package if you
> > > >      have specialised requirements (i.e. a system with untrusted users).
> > > 
> > > You're kidding, right?
> > 
> > No. According to the (previous) maintainer, for regular desktop / home use
> > a cron job that does "find /tmp -atime +7 ! -type d -print0 | xargs -0 rm -f"
> > is just as good. Tmpreaper just offers a way of closing any avenues of
> > attack, which otherwise will allow a regular user to remove any file on
> > the system. Read the urls referenced by the tmpreaper docs for explanation.
> 
> You're basically arguing, "a typical debian system need not be secure". I
> totally disagree with that. First of all, I doubt that desktop/home use
> makes up a sizably larger percentage of debian use than does use of debian
> as a server. [...]

Well, I personally have installed about 8 debian systems, on only one
of which random people are permitted to log in.  Note there's a distinction
here between ftp / www / whatever servers and login servers. It's people
with shell access to the system you have to worry about here; not having
tmpreaper on a www server won't reduce its security (if anyone can give
a counterexample, I'll be happy to revise my POV).

>      [...]   Secondly, once you start weakening what a normal user can do,

Who's weakening what a normal user can do?  I don't see on what
arguments you conclude that; I get the feeling you're getting a bit
carried away here. Making a package priority "extra" instead of
"optional" doesn't do that. With your reasoning, I should make it a
required package?  That's not what I conclude after reading policy on
priorities:

extra
	This contains packages that conflict with others with higher
	priorities, or are only likely to be useful if you already know
	what they are or have specialised requirements. 

Nobody is forcing you to clean up /tmp from cron; maybe most people
expect that _not_ to happen?  So, if you want that to happen (which
falls into the "specialised requirements" part as far as I'm concerned)
you look up an appropriate package such as tmpreaper (at which point
"you already know what they are" is applicable) and install it. Having
it as priority "extra" doesn't make this any more difficult.

> even on a system where all users are trusted, you're paving a path for
> someone malicious to use when they do crack into your system.

If someone cracks into a system, they won't waste their time mucking
about with /tmp, they'll continue using the hole they've already
exploited...


Paul Slootman
-- 
home: paul@wurtel.demon.nl | work: paul@murphy.nl | debian: paul@debian.org
http://www.wurtel.demon.nl | Murphy Software,   Enschede,   the Netherlands
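
The cron one-liner quoted in this message passes path names from find to rm, so a directory component can be replaced by a symlink between the listing and the removal. The following is an added example, not code from the thread or from tmpreaper, of a cleanup that resolves every name relative to an already-open directory descriptor and never follows symlinks; the names `reap` and `demo`, the 7-day limit (taken from `-atime +7`) and the sample tree are constructed for illustration.

```python
import os, stat, tempfile, time

NOFOLLOW_DIR = os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW

def reap(dir_fd, max_age_s, now=None):
    """Unlink non-directories under dir_fd whose atime is older than max_age_s.

    Returns the number of entries removed. Names are only ever resolved
    relative to an open descriptor, so no full path is re-walked.
    """
    now = time.time() if now is None else now
    removed = 0
    for name in os.listdir(dir_fd):
        try:
            st = os.stat(name, dir_fd=dir_fd, follow_symlinks=False)  # lstat
        except FileNotFoundError:
            continue  # vanished since the listing
        if stat.S_ISDIR(st.st_mode):
            try:
                sub = os.open(name, NOFOLLOW_DIR, dir_fd=dir_fd)
            except OSError:
                continue  # swapped for a symlink or removed: skip it
            try:
                sub_st = os.fstat(sub)
                # Descend only if we opened the same directory we just lstat'ed.
                if (sub_st.st_dev, sub_st.st_ino) == (st.st_dev, st.st_ino):
                    removed += reap(sub, max_age_s, now)
            finally:
                os.close(sub)
        elif now - st.st_atime > max_age_s:
            try:
                os.unlink(name, dir_fd=dir_fd)  # removes a symlink itself, never its target
                removed += 1
            except FileNotFoundError:
                pass
    return removed

def demo():
    """Constructed tree: stale files plus a symlink pointing outside the tree."""
    with tempfile.TemporaryDirectory() as base:
        tmp, outside = os.path.join(base, "tmp"), os.path.join(base, "outside")
        os.makedirs(os.path.join(tmp, "sub"))
        os.mkdir(outside)
        for p in (f"{tmp}/stale", f"{tmp}/sub/stale", f"{outside}/keep"):
            open(p, "w").close()
        os.symlink(outside, f"{tmp}/link")
        root = os.open(tmp, NOFOLLOW_DIR)
        try:  # pretend 30 days have passed so every entry counts as stale
            removed = reap(root, 7 * 86400, now=time.time() + 30 * 86400)
        finally:
            os.close(root)
        return removed, os.path.exists(f"{outside}/keep"), sorted(os.listdir(tmp))
```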

