[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Possible mass bug filing: The possibility of attack with the help of symlinks in some Debian packages

On Tue, Aug 12, 2008 at 10:38:07AM +0400, Dmitry E. Oboukhov wrote:
SM> A while ago, the use of libpam-tmpdir was suggested in order to mitigate
SM> some of these attacks. It would be nice to see it in use by default, some
SM> day.

SM> Obviously there will always be some programs that don't look at the
SM> TMPDIR environment variable and directly use /tmp.
write file to /tmp/filename == write file to $TMPDIR/filename
both cases are security holes if TMPDIR=/tmp :)

The idea behind libpam-tmpdir is that it creates a subdirectory of /tmp
that is only accessible by that user, and then sets TMPDIR and other
variables to that.  Hence, it doesn't matter nearly as much if you
create a non-random filename, because nobody but you can access it.

brian m. carlson / brian with sandals: Houston, Texas, US
+1 713 440 7475 | http://crustytoothpaste.ath.cx/~bmc | My opinion only
troff on top of XML: http://crustytoothpaste.ath.cx/~bmc/code/thwack
OpenPGP: RSA v4 4096b 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187

Attachment: signature.asc
Description: Digital signature

Reply to: