[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: /run vs. /lib/run

On Wednesday 21 December 2005 01:27, Gabor Gombas <gombasg@sztaki.hu> wrote:
> On Tue, Dec 20, 2005 at 10:09:43PM +1000, Anthony Towns wrote:
> > The other aspect is that /var's the place for stuff that varies during
> > normal use; introducing some other place for the same thing is redundant
> > and thus more complex.
> The more I think about it, the usage of /run matches /tmp much better
> than /var. It is for _temporary_ storage until a better place becomes
> available.

Putting system directories under /tmp is a really bad idea, it opens 
possibilities of race condition attacks by unprivileged users against system 
processes.  Generally for almost everything we should be looking to reduce 
usage of /tmp rather than increase it.

I think that the only time /tmp should be used is when a user of the system 
specifically requests that a file be stored there - then the user is making 
the choice and race conditions are difficult to exploit as an attacker 
usually doesn't know when a user is about to create a file or what the name 
will be.

http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page

Reply to: