On Tue, Aug 12, 2008 at 10:38:07AM +0400, Dmitry E. Oboukhov wrote:
SM> A while ago, the use of libpam-tmpdir was suggested in order to mitigate SM> some of these attacks. It would be nice to see it in use by default, some SM> day. SM> Obviously there will always be some programs that don't look at the SM> TMPDIR environment variable and directly use /tmp. write file to /tmp/filename == write file to $TMPDIR/filename both cases are security holes if TMPDIR=/tmp :)
The idea behind libpam-tmpdir is that it creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. -- brian m. carlson / brian with sandals: Houston, Texas, US +1 713 440 7475 | http://crustytoothpaste.ath.cx/~bmc | My opinion only troff on top of XML: http://crustytoothpaste.ath.cx/~bmc/code/thwack OpenPGP: RSA v4 4096b 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187
Attachment:
signature.asc
Description: Digital signature