Re: RFD: use transient /var/run (tmpfs) or not?
On Tue, 21 Sep 2004 21:37, Matus UHLAR - fantomas <uhlar@fantomas.sk> wrote:
> > Creating a subdirectory with appropriate owner and permissions in
> > postinst is both secure and convenient (see
> > /var/run/postgresql).
> >
> > Running as root at startup is neither secure nor convenient.
>
> startup scripts in /etc/rc?.d run as root and have privileges to
> mkdir/chown/chmod the directory.
>
> So the problem will only be when a user wants to start it manually.
> But running startup script via sudo (or its alternative) is imho better
> than executing daemon manually, so I see no problem here.
The problem is that many daemons want/need to create files under /var/run. So
those daemons have write access to /var/run for whatever they want to create.
If an attacker knows of a security hole in one of the daemons that starts
early in the boot sequence they could make it create files or directories of
the names that match those which are used by daemons started later in the
boot sequence.
Ideally I think that we would have a directory for each daemon that
uses /var/run. We would have a single process create all of them (could have
files in /etc/var-run.d specifying the names, ownership, and permissions of
all such directories). Then when each daemon starts it only has permission
to write to its own sub-directory of /var/run.
--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
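The per-daemon directory scheme described in the message above, as an added illustration (not code from the thread or from Debian): one boot-time step reads spec files and creates each daemon's private subdirectory, refusing anything already planted at that path. The /etc/var-run.d location and the "name owner group mode" line format are assumptions made for this example.

```shell
#!/bin/sh
# Added example: a single early-boot step that creates every daemon's private
# /var/run subdirectory from spec files, so no daemon needs write access to
# /var/run itself. The spec directory and its line format are assumptions.
set -u

# create_run_dirs RUNDIR SPECDIR
# Each non-comment line in every file under SPECDIR is
#   <subdir> <owner> <group> <octal-mode>
# and becomes RUNDIR/<subdir>. Returns non-zero if any entry could not be
# set up safely, so the boot sequence can notice.
create_run_dirs() {
    rundir=$1 specdir=$2 rc=0
    for spec in "$specdir"/*; do
        [ -f "$spec" ] || continue
        while read -r name owner group mode; do
            case $name in ''|\#*) continue ;; esac
            # Reject names that could escape RUNDIR or incomplete lines.
            case $name in */*|.|..) echo "bad name: $name" >&2; rc=1; continue ;; esac
            [ -n "$mode" ] || { echo "incomplete spec for $name" >&2; rc=1; continue; }
            target=$rundir/$name
            # An entry already present here could have been left by a process
            # with write access to RUNDIR: never follow a symlink, never reuse
            # a non-directory. This step is meant to run before any daemon.
            if [ -L "$target" ]; then
                echo "refusing symlink at $target" >&2; rc=1; continue
            fi
            if [ -e "$target" ] && [ ! -d "$target" ]; then
                echo "refusing non-directory at $target" >&2; rc=1; continue
            fi
            # mkdir without -p fails if anything appears at the path meanwhile.
            [ -d "$target" ] || mkdir "$target" || { rc=1; continue; }
            chown -h "$owner:$group" "$target" && chmod "$mode" "$target" || rc=1
        done < "$spec"
    done
    return $rc
}
```

Because only this step needs write access to /var/run, each daemon can later be confined to its own subdirectory (e.g. `/var/run/postgresql` owned by the postgres user), which is what the message proposes.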