Re: proposal: per-user temporary directories on by default?

[Martin Pool <mbp@sourcefrog.net>]

On Fri, 25 Jul 2003 22:52:43 -0400, Joey Hess wrote:

> Dwayne C. Litzenberger wrote:
>> - in the meantime, tmpreaper cleans up /tmp/bob
> 
> Just FWIW, but a multiuser system that is running tmpreaper is insecure.
> The bugs apparantly cannot be fixed, but I can write up an exploit if you
> pay me. :-)

Private temporary directories will help to some extent.

It's not a complete solution, because people can still play tricks
with the temporary files created by setuid programs they have run.  On
the other hand if we could hold down the attack to only setuid
programs (which one hopes are more careful anyhow) it would be a
benefit.

> Directory size matters less and less anyway, modern fileystems use
> btrees, and this includes ext3 with -O dir_index. Not default yet,
> apparently.

If it was the deciding factor in getting this adopted, I would write
the 20-line patch to make libpam-tmpdir use multi-level directories.
But as you say I don't think it would be a big deal for most (if any)
systems.

-- 
Martin