[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

per-user temp directories by default?

Within the security team, there has recently been some talk of pushing
for per-user temp directories by default in etch.  I'd like to see what
people's reaction to such a proposal would be.

There are a number of outstanding "insecure tempfile vulnerabilities",
and there has been some talk that they're both too numerous and of low
enough impact that they're not even worth releasing DSAs for.  Never the
less, they are potentially dangerous and should be dealt with on some
level.  We believe that using libpam_tmpdir by default should make
nearly all of these vulnerabilities cease to be relevant (there are some
braindead apps that have /tmp hardcoded and don't use $TMP or $TMPDIR).
As far as I can tell, we would simply need to move libpam-tmpdir from
priority "optional" to "required" and modify the default
/etc/pam.d/common-session to include the following line:

session		optional	pam_tmpdir.so

I have little operational experience with this PAM module, though.  Does
it cause problems for certain apps?  If so, could these problems be
solved with a less simplistic PAM configuration?


Attachment: signature.asc
Description: Digital signature

Reply to: