
Re: execute permissions in /tmp



On Mon, 14 Jul 2003 at 12:55:38PM -0400, Matt Zimmerman wrote:
> On Mon, Jul 14, 2003 at 12:23:01PM -0400, bda wrote:
> > As for the ~/tmp or ~/.tmp commentary, I have no real opinion, but it
> > seems like it'd be a lot of work to implement. :-)
> 
> Most of the work is adding support for the TMPDIR environment variable to
> programs which do not already support it, and that is actually very easy.

Probably harder than that...
What should be done about users that don't have +w to ~?  Many system
services are set up with home directories to / or /home.

www-data:x:33:33:www-data:/var/www:/bin/sh

Unless you are using WebDAV to upload files, www-data doesn't need write
access to /var/www.  Even if you did give it write access, anyone
surfing your site would be able to access http://host/tmp/ (unless you
set up another Apache ACL).  The system of a global directory works just
fine if it is properly secured (with say the GRSecurity patch).

Just my .02...

-- 
Phillip Hofmeister

PGP/GPG Key:
http://www.zionlth.org/~plhofmei/
wget -O - http://www.zionlth.org/~plhofmei/key.txt | gpg --import
--
Excuse #51: System has been recalled 
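
The thread weighs per-user ~/tmp selected through TMPDIR against a secured global /tmp, and raises service accounts such as www-data whose home is not writable. The sketch below is an added example, not part of the original messages: it shows one way a program could pick its temporary directory and handle that case. The function names `choose_tmpdir` and `is_private_dir`, the fallback order, and the `private-` prefix are assumptions made for illustration.

```python
import os
import stat
import tempfile


def is_private_dir(path):
    """True if path is a real directory (not a symlink) owned by us
    and not writable by group or others."""
    try:
        st = os.lstat(path)
    except OSError:
        return False
    return (stat.S_ISDIR(st.st_mode)
            and st.st_uid == os.geteuid()
            and not st.st_mode & (stat.S_IWGRP | stat.S_IWOTH))


def choose_tmpdir(environ, home, shared="/tmp"):
    """Return (directory, source) for this process's temporary files."""
    # 1. An explicit TMPDIR wins if it is a directory we can write to.
    tmpdir = environ.get("TMPDIR")
    if tmpdir and os.path.isdir(tmpdir) and os.access(tmpdir, os.W_OK | os.X_OK):
        return tmpdir, "TMPDIR"

    # 2. Per-user ~/tmp, created mode 0700 if it does not exist yet.
    candidate = os.path.join(home, "tmp")
    try:
        os.mkdir(candidate, 0o700)
    except FileExistsError:
        pass
    except OSError:
        candidate = None  # home missing or not writable (typical service account)
    # With home "/", ~/tmp is the global /tmp: world-writable, so rejected here.
    if candidate and is_private_dir(candidate):
        return candidate, "home"

    # 3. Fall back to the shared directory, but inside a fresh subdirectory
    #    that mkdtemp creates with mode 0700 and an unpredictable name.
    return tempfile.mkdtemp(prefix="private-", dir=shared), "shared"


if __name__ == "__main__":
    print(choose_tmpdir(os.environ, os.path.expanduser("~")))
```

For an account like www-data with no write access to its home, step 2 fails cleanly and the process still gets a directory no other user can read or pre-create files in.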


