[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: RFD: use transient /var/run (tmpfs) or not?

On Tue, 21 Sep 2004 21:37, Matus UHLAR - fantomas <uhlar@fantomas.sk> wrote:
> > Creating a subdirectory with appropriate owner and permissions in
> > postinst is both secure and convenient (see
> > /var/run/postgresql).
> >
> > Running as root at startup is neither secure nor convenient.
> startup scripts in /etc/rc?.d run as root and have privileges to
> mkdir/chown/chmod the directory.
> So the problem will only be, when user will wants to start it manually.
> But running startup script via sudo (or its alternative) is imho better
> than executing daemon manually, so I see no problem here.

The problem is that many daemons want/need to create files under /var/run.  So 
those daemons have write access to /var/run for whatever they want to create.

If an attacker knows of a security hole in one of the daemons that starts 
early in the boot sequence they could make it create files or directories of 
the names that match those which are used by daemons started later in the 
boot sequence.

Ideally I think that we would have a directory for each daemon that 
uses /var/run.  We would have a single process create all of them (could have 
files in /etc/var-run.d specifying the names, ownership, and permissions of 
all such directories).  Then when each daemon starts it only has permission 
to write to it's own sub-directory of /var/run.

http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page

Reply to: