
Re: Possible mass bug filing: The possibility of attack with the help of symlinks in some Debian packages



Hi *,

A little bit late, but since I am currently working in Germany...


On 2008-08-11 17:31:51, Sam Morris wrote:
> A while ago, the use of libpam-tmpdir was suggested in order to mitigate 
> some of these attacks. It would be nice to see it in use by default, some 
> day.
> 
> Obviously there will always be some programs that don't look at the 
> TMPDIR environment variable and directly use /tmp. Isn't there some fancy 
> thing in current kernels that allows /tmp to be mounted individually for 
> each user?

I have been using a self-made tool called tdtmpdir for some years:

[michelle.konzack@tp570:~] tdtmpdir --show-tmpdirs
You have following TMPDIR's cached:
               FQDN              | DIS |           TMPDIR
---------------------------------+-----+--------------------------------------
                                 |     | /tmp/michelle.konzack.LbUVct
aspire1350.private.tamay-dogan.n |     | /tmp/michelle.konzack.XC3917
mail.private.tamay-dogan.net     |     | /tmp/michelle.konzack.YG3771
samba3.private.tamay-dogan.net   |     | /tmp/michelle.konzack.iV5846
tp570.private.tamay-dogan.net    |     | /tmp/michelle.konzack.rATqyA
tp570.private.tamay-dogan.net    | :0  | /tmp/michelle.konzack.rATqyA
tp570.private.tamay-dogan.net    | :1  | /tmp/michelle.konzack.rATqyA


The TMPDIRs are cached with:

[michelle.konzack@tp570:~] ls .tmpdir*
-rw-r--r-- 1 michelle.konzack private 29 2007-11-01 22:00 .tmpdir_aspire1350.private.tamay-dogan.net
-rw-r--r-- 1 michelle.konzack private 29 2007-11-13 14:16 .tmpdir_mail.private.tamay-dogan.net
-rw-r--r-- 1 michelle.konzack private 29 2008-08-20 19:43 .tmpdir_samba3.private.tamay-dogan.net
-rw-r--r-- 1 michelle.konzack private 29 2008-08-19 23:19 .tmpdir_tp570.private.tamay-dogan.net
-rw-r--r-- 1 michelle.konzack private 29 2008-08-20 19:43 .tmpdir_tp570.private.tamay-dogan.net:0
-rw-r--r-- 1 michelle.konzack private 29 2007-12-29 22:04 .tmpdir_tp570.private.tamay-dogan.net:1


The FQDN is there because I am mounting /home/ over NFS, and in /etc/profile I have

if [ -x /bin/tdtmpdir ] ; then
  . /bin/tdtmpdir
fi

and since not all programs honor $TMPDIR, I have

[michelle.konzack@tp570:~] env |grep /tmp/
TMPDIR=/tmp/michelle.konzack.iV5846
TEMP=/tmp/michelle.konzack.iV5846
TEMPDIR=/tmp/michelle.konzack.iV5846
TMP=/tmp/michelle.konzack.iV5846

Unfortunately GIMP and OpenOffice ignore $TMPDIR and the other three,
which is really annoying.  Some time ago I already reported a bug
against GIMP, but it was closed.

Thanks, Greetings and nice Day/Evening
    Michelle Konzack
    Systemadministrator
    24V Electronic Engineer
    Tamay Dogan Network
    Debian GNU/Linux Consultant


-- 
Linux-User #280138 with the Linux Counter, http://counter.li.org/
##################### Debian GNU/Linux Consultant #####################
Michelle Konzack   Apt. 917                  ICQ #328449886
+49/177/9351947    50, rue de Soultz         MSN LinuxMichi
+33/6/61925193     67100 Strasbourg/France   IRC #Debian (irc.icq.com)

Attachment: signature.pgp
Description: Digital signature
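
An added example, not part of the original message and not the tdtmpdir source: a sketch of the per-host TMPDIR caching described above, where a cached path is reused only if it is still a real directory (not a symlink), owned by the current user, with mode 700. The function names, the two optional arguments and the use of GNU `stat -c` are assumptions.

```sh
# Added example (hypothetical names); not the tdtmpdir source.
# Succeeds only if $1 is a real directory (not a symlink) that we own, mode 700.
tmpdir_is_safe() {
    [ -n "$1" ] && [ ! -L "$1" ] && [ -d "$1" ] || return 1
    # GNU stat does not follow symlinks unless -L is given.
    [ "$(stat -c '%u %a' "$1")" = "$(id -u) 700" ]
}

# $1: where the cache file lives (default $HOME, which may be NFS-shared)
# $2: base for temp dirs (default /tmp, local to each host)
setup_private_tmpdir() {
    local cache cached host
    host=$(hostname -f 2>/dev/null || uname -n)
    # One cache file per host, as in the .tmpdir_<FQDN> listing above.
    cache="${1:-$HOME}/.tmpdir_$host"
    cached=
    if [ -f "$cache" ] && [ ! -L "$cache" ]; then
        cached=$(cat "$cache")
    fi
    # /tmp is world-writable and may have been emptied since the path was
    # cached, so the name may now be someone else's directory or a symlink:
    # validate before reuse.
    if ! tmpdir_is_safe "$cached"; then
        # mktemp -d creates the directory atomically, mode 0700, random suffix.
        cached=$(mktemp -d "${2:-/tmp}/${LOGNAME:-$(id -un)}.XXXXXX") || return 1
        printf '%s\n' "$cached" > "$cache" || return 1
    fi
    # Export all four names, since programs disagree on which one they read.
    TMPDIR=$cached TEMP=$cached TEMPDIR=$cached TMP=$cached
    export TMPDIR TEMP TEMPDIR TMP
}

# In /etc/profile one would call: setup_private_tmpdir
```

Programs that ignore all four variables and write to /tmp directly are not covered by this.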

