Re: /run vs. /lib/run
On Wednesday 21 December 2005 01:27, Gabor Gombas <gombasg@sztaki.hu> wrote:
> On Tue, Dec 20, 2005 at 10:09:43PM +1000, Anthony Towns wrote:
> > The other aspect is that /var's the place for stuff that varies during
> > normal use; introducing some other place for the same thing is redundant
> > and thus more complex.
>
> The more I think about it, the usage of /run matches /tmp much better
> than /var. It is for _temporary_ storage until a better place becomes
> available.
Putting system directories under /tmp is a really bad idea, it opens
possibilities of race condition attacks by unprivileged users against system
processes. Generally for almost everything we should be looking to reduce
usage of /tmp rather than increase it.
I think that the only time /tmp should be used is when a user of the system
specifically requests that a file be stored there - then the user is making
the choice and race conditions are difficult to exploit as an attacker
usually doesn't know when a user is about to create a file or what the name
will be.
--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
Reply to: