Re: Separate tmp-dir for every user?

To: Debian Isp <debian-isp@lists.debian.org>
Subject: Re: Separate tmp-dir for every user?
From: Maarten Vink <vink@interstroom.nl>
Date: Mon, 1 Dec 2008 16:28:28 +0100
Message-id: <[🔎] 1C2781E5-F055-476B-AEB9-9C5743355095@interstroom.nl>
In-reply-to: <[🔎] 20081201144522.GC30613@beczulka>
References: <[🔎] 4933F0CD.3060704@vandervlis.nl> <[🔎] 20081201144522.GC30613@beczulka>

On Mon, Dec 01, 2008 at 03:12:29PM +0100, Paul van der Vlis wrote:

Hello,

I am installing a new shared hosting server, and I would like to know
how important it is to have a seperate tmp-dir for every user.

What are the disadvantages/risks of a shared tmp-dir?

Can you really elliminate the need for a shared /tmp? I guess youwould

be really lucky not to come across an application which has /tmp
hardcoded and does not consult $T{E,}MPDIR

As for the risks, the biggest is probably the possibility of having a
symlink attack vulnerability in one of your applications. Having
per-user tmp dirs avoids the problem for applications which will use
them.

Actually, we've been using this kind of setup for a while now, and wehave yet to see any major problems. And one doesn't exclude the other;just set up a separate tmp-dir for each user, and still allow everyoneto write to /tmp. That way any application that has the pathshardcoded will still function.


Regards,

Maarten Vink

Reply to:

Follow-Ups:
- Re: Separate tmp-dir for every user?
  - From: "Jonathan Yu" <jonathan.i.yu@gmail.com>

References:
- Separate tmp-dir for every user?
  - From: Paul van der Vlis <paul@vandervlis.nl>
- Re: Separate tmp-dir for every user?
  - From: Marcin Owsiany <porridge@debian.org>

Prev by Date: Re: Separate tmp-dir for every user?
Next by Date: Re: Separate tmp-dir for every user?
Previous by thread: Re: Separate tmp-dir for every user?
Next by thread: Re: Separate tmp-dir for every user?
Index(es):
- Date
- Thread