Within the security team, there has recently been some talk of pushing for per-user temp directories by default in etch. I'd like to see what people's reaction to such a proposal would be. There are a number of outstanding "insecure tempfile vulnerabilities", and there has been some talk that they're both too numerous and of low enough impact that they're not even worth releasing DSAs for. Never the less, they are potentially dangerous and should be dealt with on some level. We believe that using libpam_tmpdir by default should make nearly all of these vulnerabilities cease to be relevant (there are some braindead apps that have /tmp hardcoded and don't use $TMP or $TMPDIR). As far as I can tell, we would simply need to move libpam-tmpdir from priority "optional" to "required" and modify the default /etc/pam.d/common-session to include the following line: session optional pam_tmpdir.so I have little operational experience with this PAM module, though. Does it cause problems for certain apps? If so, could these problems be solved with a less simplistic PAM configuration? noah
Attachment:
signature.asc
Description: Digital signature