[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Separate tmp-dir for every user?

Marcin Owsiany schreef:
> On Mon, Dec 01, 2008 at 03:12:29PM +0100, Paul van der Vlis wrote:
>> Hello,
>> I am installing a new shared hosting server, and I would like to know
>> how important it is to have a seperate tmp-dir for every user.
>> What are the disadvantages/risks of a shared tmp-dir?
> Can you really elliminate the need for a shared /tmp? I guess you would
> be really lucky not to come across an application which has /tmp
> hardcoded and does not consult $T{E,}MPDIR
> As for the risks, the biggest is probably the possibility of having a
> symlink attack vulnerability in one of your applications. 

But this is then a bug in the application, isn't it?

With regards,
Paul van der Vlis.


Reply to: