
Re: Update of tomcat6 - JVM_TMP issue + Dealing with Debian-Ubuntu delta



Niels Thykier wrote:
> Thierry Carrez wrote:
>> I still think /tmp is the right location for JVM temp files, since they
>> aren't cache files and should be cleaned up at system restart. If you
>> don't want them to be in /tmp, you will have to use a specific directory
>> (separate from /var/cache/tomcat6) and make sure it's cleaned up
>> periodically. You mention a security problem as the main reason to
>> change that, could you elaborate? This code looks secure to me.
> 
> I based it on a certain lintian tag[1] and the "symlink race"[2] - I admit
> I am not sure to what extent someone could use the attack; the attack
> window is very short as I understand it and does require local user
> access[3].

The code doesn't use temporary files but a temporary directory. mkdir
being atomic, if /tmp/tomcat-temp can't be created because it already
exists, the code fails. There is no attack window, that's quite secure.

> On a related note; shouldn't the postrm script be removing the JVM_TMP
> dir rather than leaving it till next reboot?

It could do that specifically on purge, but I don't think it /needs/ to.

> I am considering to use /var/cache/libtomcat6-java/ or
> /var/cache/tomcat6-tmp/ as tmp dir. I assume that periodically means "on
> restart of tomcat6" (because this is what we have now[4]) and then also
> in the postrm script (since unlike /tmp the new dir will not be removed
> by itself).

That would be better than using /var/cache/tomcat6, you avoid the
potential conflicts. However those aren't cache directories but really
temporary files, so they really belong to /tmp :)

-- 
Thierry Carrez
Ubuntu server team
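
The property the message above relies on, as an added example that is not part of the original e-mail or of the tomcat6 packaging: plain `mkdir` fails when the path already exists, even as a symlink, whereas `mkdir -p` accepts a pre-existing entry. The function names and the sandbox layout are hypothetical.

```shell
#!/bin/sh
# Added illustration; create_jvm_tmp, racy_jvm_tmp and demo are hypothetical names.

# create_jvm_tmp DIR: succeeds only if this very call created DIR.
# Plain mkdir (no -p) fails with EEXIST when DIR already exists as a file,
# a directory or a symlink, so a pre-planted entry is never reused.
create_jvm_tmp() {
    dir=$1
    # The subshell confines the umask change; the directory is 0700 from creation.
    ( umask 077 && mkdir -- "$dir" ) 2>/dev/null
}

# racy_jvm_tmp DIR: shown for contrast only.
# mkdir -p returns 0 when DIR already exists, including when DIR is a
# symlink to a directory, so the caller cannot tell who created it.
racy_jvm_tmp() {
    dir=$1
    mkdir -p -- "$dir" 2>/dev/null
}

# demo: runs both helpers inside a constructed sandbox and prints three words:
#   1. plain mkdir against a pre-planted symlink
#   2. mkdir -p against the same symlink
#   3. plain mkdir once the path is free
demo() {
    sandbox=$(mktemp -d) || return 1
    mkdir "$sandbox/elsewhere"
    ln -s "$sandbox/elsewhere" "$sandbox/tomcat-temp"   # constructed pre-existing entry

    if create_jvm_tmp "$sandbox/tomcat-temp"; then atomic=created; else atomic=refused; fi
    if racy_jvm_tmp "$sandbox/tomcat-temp"; then racy=accepted; else racy=refused; fi

    rm "$sandbox/tomcat-temp"
    if create_jvm_tmp "$sandbox/tomcat-temp"; then fresh=created; else fresh=refused; fi

    rm -rf "$sandbox"
    echo "$atomic $racy $fresh"
}

demo
```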

