Re: Re: Make /tmp/ a tmpfs and cleanup /var/tmp/ on a timer by default [was: Re: systemd: tmpfiles.d not cleaning /var/tmp by default]

To: debian-devel@lists.debian.org
Subject: Re: Re: Make /tmp/ a tmpfs and cleanup /var/tmp/ on a timer by default [was: Re: systemd: tmpfiles.d not cleaning /var/tmp by default]
From: Simon McVittie <smcv@debian.org>
Date: Tue, 7 May 2024 14:06:27 +0100
Message-id: <[🔎] ZjonU-VSI9hoKAD8@remnant.pseudorandom.co.uk>
In-reply-to: <[🔎] 3jgjnihk6v5qcagpuhhd9ssa.1715085092749@email.android.com>
References: <[🔎] 87cypxoo3d.fsf@hands.com> <[🔎] 3jgjnihk6v5qcagpuhhd9ssa.1715085092749@email.android.com>

On Tue, 07 May 2024 at 07:34:54 -0500, rhys@neoquasar.org wrote:
> possibly convince those applications to use their own
> scratch space such as /tmp/<package>/ that is more easily identifiable

This would be a denial of service at best, and a privilege escalation
vulnerability at worst. To be safe, it would have to be more like
/tmp/<package>.XXXXXX where the XXXXXX is replaced by a random string
by mkstemp() or similar.

(For example my system currently has /var/tmp/flatpak-cache-5X58M2/ which
is fine, but using /var/tmp/flatpak-cache/ would be wrong.)

    smcv

Reply to:

References:
- Re: Re: Make /tmp/ a tmpfs and cleanup /var/tmp/ on a timer by default [was: Re: systemd: tmpfiles.d not cleaning /var/tmp by default]
  - From: Philip Hands <phil@hands.com>
- Re: Re: Make /tmp/ a tmpfs and cleanup /var/tmp/ on a timer by default [was: Re: systemd: tmpfiles.d not cleaning /var/tmp by default]
  - From: rhys@neoquasar.org

Prev by Date: Re: Make /tmp/ a tmpfs and cleanup /var/tmp/ on a timer by default [was: Re: systemd: tmpfiles.d not cleaning /var/tmp by default]
Next by Date: Re: Make /tmp/ a tmpfs and cleanup /var/tmp/ on a timer by default [was: Re: systemd: tmpfiles.d not cleaning /var/tmp by default]
Previous by thread: Re: Re: Make /tmp/ a tmpfs and cleanup /var/tmp/ on a timer by default [was: Re: systemd: tmpfiles.d not cleaning /var/tmp by default]
Next by thread: Re: Re: Re: Make /tmp/ a tmpfs and cleanup /var/tmp/ on a timer by default [was: Re: systemd: tmpfiles.d not cleaning /var/tmp by default]
Index(es):
- Date
- Thread