Re: execute permissions in /tmp
On Mon, 14 Jul 2003 at 12:55:38PM -0400, Matt Zimmerman wrote:
> On Mon, Jul 14, 2003 at 12:23:01PM -0400, bda wrote:
> > As for the ~/tmp or ~/.tmp commentary, I have no real opinion, but it
> > seems like it'd be a lot of work to implement. :-)
>
> Most of the work is adding support for the TMPDIR environment variable to
> programs which do not already support it, and that is actually very easy.
Probably harder than that...
What should be done about users that don't have +w to ~? Many system
services are set up with home directories to / or /home.
www-data:x:33:33:www-data:/var/www:/bin/sh
Unless you are using WebDAV to upload files www-data doesn't need write
access to /var/www. Even if you did give it write access, anyone
surfing your site would be able to access http://host/tmp/ (unless you
set up another Apache ACL). The system of a global directory works just
fine if it is properly secured (with say the GRSecurity patch).
Just my .02...
--
Phillip Hofmeister
PGP/GPG Key:
http://www.zionlth.org/~plhofmei/
wget -O - http://www.zionlth.org/~plhofmei/key.txt | gpg --import
--
Excuse #51: System has been recalled
Reply to: