Re: FHS compliance and UNIX sockets
>>>>> "Ethan" == Ethan Benson <email@example.com> writes:
Ethan> On Thu, Feb 01, 2001 at 10:52:11AM +1100, Brian May wrote:
>> where /tmp/user is owned by root, and a very simple setuid root
>> program does (translated to more appropriate language):
>> 1. mkdir /tmp/user/$UID
>> 2. chown $UID /tmp/user/$UID
>> Now, DOS is impossible.
Ethan> why make things setuid root unnecessarily? this small
Ethan> program can be simplified by making /tmp/user/ mode 1775
Ethan> root.tmp or somesuch. then the small helper only needs to
Ethan> be setgid tmp. you no longer have to worry about chown()
Ethan> that way either. if an exploit is found in this program
Ethan> you are no worse off than plain 1777 /tmp.
(I had a feeling setgid would be better, but didn't realize it would
be this much better.)
Brian May <firstname.lastname@example.org>
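
The setgid helper described in the thread, sketched in C as an added example (not code posted by either participant). It assumes a group named tmp, /tmp/user installed mode 1775 root:tmp, and the binary installed setgid tmp; the function name make_user_dir is hypothetical.

```c
#define _GNU_SOURCE            /* setresgid(), O_NOFOLLOW, O_DIRECTORY */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Create base/<real uid> for the caller; return 0 on success, -1 on failure.
 * Assumed install: setgid "tmp", with base mode 1775 root:tmp. */
int make_user_dir(const char *base)
{
    char path[4096];
    struct stat st;
    uid_t uid = getuid();      /* real uid: the invoking user */
    gid_t gid = getgid();      /* real gid, restored after mkdir */

    int n = snprintf(path, sizeof path, "%s/%lu", base, (unsigned long)uid);
    if (n < 0 || (size_t)n >= sizeof path)
        return -1;

    umask(077);
    /* Only this call needs group tmp. Not being setuid, the new directory
     * is already owned by the caller, so no chown() of the owner is needed. */
    int rc = mkdir(path, 0700);
    int err = errno;
    if (setresgid(gid, gid, gid) != 0)   /* drop group tmp for good */
        return -1;
    if (rc != 0 && err != EEXIST)
        return -1;

    /* Check what is really there, refusing symlinks and non-directories. */
    int fd = open(path, O_RDONLY | O_DIRECTORY | O_NOFOLLOW);
    if (fd < 0)
        return -1;
    int ok = fstat(fd, &st) == 0 && st.st_uid == uid
             && (st.st_mode & 022) == 0
             && fchown(fd, (uid_t)-1, gid) == 0;  /* group tmp -> user's gid */
    close(fd);
    return ok ? 0 : -1;
}

int main(void)
{
    return make_user_dir("/tmp/user") == 0 ? 0 : 1;
}
```

The group privilege is held only across the mkdir() call, so a bug anywhere after that point runs with the caller's own credentials.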