Re: grsecurity2 and per-user tmp dirs
On Sat, 22 May 2004 at 01:11:30PM -0400, funky soul wrote:
> hi folx
> i have installed the grsecurity2 patches and am now running a kernel
> with CONFIG_GRKERNSEC_FIFO and CONFIG_GRKERNSEC_LINK ON. users cannot
> write to /tmp directly which is fine. now i want per-user tmp dirs like
> /tmp/$USER. alas $TMPDIR seems to be ignored. any hints?
CONFIG_GRKERNSEC_FIFO and CONFIG_GRKERNSEC_LINK DO NOT prevent writing
to /tmp. Read the Configure.help:
If you say Y here, users will not be able to write to FIFOs they don't
own in world-writable +t directories (i.e. /tmp), unless the owner of
the FIFO is the same owner of the directory it's held in. If the sysctl
option is enabled, a sysctl option with name "fifo_restrictions" is

If you say Y here, /tmp race exploits will be prevented, since users
will no longer be able to follow symlinks owned by other users in
world-writable +t directories (i.e. /tmp), unless the owner of the
symlink is the owner of the directory. Users will also not be
able to hardlink to files they do not own. If the sysctl option is
enabled, a sysctl option with name "linking_restrictions" is created.
CONFIG...LINK deals with symlinks. Users (even root) cannot follow a
symlink created by a user who does not own the file they are linking to
(in a globally writable +t directory) UNLESS the owner of the symlink is
the owner of the globally writable +t directory. In most cases, the
owner of /tmp would be root. This is done so another user cannot
predict a tmp file you will open and then create a symlink to a file
they want you to edit/corrupt, i.e. ~/something...
CONFIG_GRKERNSEC_FIFO does similar things, except it deals with FIFOs.
This is done so someone cannot create a FIFO with the name of a tmp
file they predict you will open, so that you then write all your
information to THEIR FIFO.
I hope this helps.
wget -O - http://www.zionlth.org/~plhofmei/key.asc | gpg --import
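The two attacks the reply describes (a guessable temp name in /tmp, with a symlink or a FIFO planted at it by another user) are easy to reproduce in userspace, as is the application-side fix that works with or without the grsecurity restrictions: create the temp file with O_CREAT|O_EXCL (and O_NOFOLLOW) so a pre-existing symlink or FIFO at the name makes the open fail with EEXIST instead of being written through. The program below is an added example written for this page, not code from the original thread or from grsecurity. It runs everything as one user inside a private mkdtemp() directory under /tmp, so the kernel-side LINK/FIFO restrictions would not fire here even on a grsecurity kernel (the symlink and the directory have the same owner); the file names, the "victim.12345" predictable temp name and the contents written are constructed for the demo. Linux is assumed for the FIFO part (the kernel drops O_TRUNC on a FIFO open).

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Victim's naive temp-file open: predictable name, no O_EXCL, and the kernel
 * follows whatever symlink (or opens whatever FIFO) sits at that name. */
static int unsafe_open(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Hardened open: O_CREAT|O_EXCL fails with EEXIST if anything already exists
 * at the path, a symlink or FIFO included, so the planted object is refused
 * rather than written through.  O_NOFOLLOW covers opens without O_CREAT. */
static int safe_open(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

/* Read a whole small file into buf; returns bytes read or -1. */
static ssize_t slurp(const char *path, char *buf, size_t len)
{
    int fd = open(path, O_RDONLY | O_NOFOLLOW);
    if (fd < 0) return -1;
    ssize_t n = read(fd, buf, len - 1);
    close(fd);
    if (n >= 0) buf[n] = '\0';
    return n;
}

/* Symlink scenario.  Returns 1 if the naive open clobbered the victim's file
 * and the hardened open refused with EEXIST, 0 otherwise, -1 on setup error.
 * Everything runs as one user inside a private mkdtemp() directory, so a
 * grsecurity symlink restriction (symlink owner != directory owner) would not
 * trigger here even on a kernel that has it.  Names are constructed for the demo. */
int symlink_race_demo(void)
{
    char dir[] = "/tmp/grsec-demo-XXXXXX", target[256], tmpname[256], buf[64];
    if (!mkdtemp(dir)) return -1;
    snprintf(target, sizeof target, "%s/important.conf", dir);
    snprintf(tmpname, sizeof tmpname, "%s/victim.12345", dir); /* guessable */

    int fd = open(target, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0 || write(fd, "original\n", 9) != 9) return -1;
    close(fd);
    /* Attacker: guess the temp name and point it at the file to corrupt. */
    if (symlink(target, tmpname) < 0) return -1;

    /* Victim, naive: "create my temp file" truncates important.conf instead. */
    int clobbered = 0;
    if ((fd = unsafe_open(tmpname)) >= 0) {
        if (write(fd, "garbage\n", 8) == 8 &&
            slurp(target, buf, sizeof buf) == 8 && strcmp(buf, "garbage\n") == 0)
            clobbered = 1;
        close(fd);
    }
    /* Victim, hardened: the planted symlink is refused outright. */
    int refused = (safe_open(tmpname) < 0 && errno == EEXIST);

    unlink(tmpname); unlink(target); rmdir(dir);
    return clobbered && refused;
}

/* FIFO scenario.  The attacker plants a FIFO at the predicted name and holds
 * its read end (stood in for here by rfd in the same process, O_NONBLOCK so
 * nothing in the demo blocks).  Returns 1 if the naive open handed the
 * victim's data to that reader and the hardened open refused, else 0 or -1. */
int fifo_race_demo(void)
{
    char dir[] = "/tmp/grsec-demo-XXXXXX", tmpname[256], got[64] = {0};
    if (!mkdtemp(dir)) return -1;
    snprintf(tmpname, sizeof tmpname, "%s/victim.12345", dir);
    if (mkfifo(tmpname, 0600) < 0) return -1;
    int rfd = open(tmpname, O_RDONLY | O_NONBLOCK);   /* attacker's reader */
    if (rfd < 0) return -1;

    /* Victim, naive: open succeeds (Linux drops O_TRUNC for a FIFO) and the
     * "temp file" write goes straight to the attacker. */
    int captured = 0, fd = unsafe_open(tmpname);
    if (fd >= 0) {
        if (write(fd, "secret\n", 7) == 7) {
            ssize_t n = read(rfd, got, sizeof got - 1);
            captured = (n == 7 && memcmp(got, "secret\n", 7) == 0);
        }
        close(fd);
    }
    close(rfd);
    int refused = (safe_open(tmpname) < 0 && errno == EEXIST);

    unlink(tmpname); rmdir(dir);
    return captured && refused;
}

int main(void)
{
    printf("symlink race: %s\n", symlink_race_demo() == 1
           ? "naive open clobbered target, O_EXCL refused" : "unexpected");
    printf("fifo plant:   %s\n", fifo_race_demo() == 1
           ? "naive open fed attacker's FIFO, O_EXCL refused" : "unexpected");
    return 0;
}
```

In real code the equivalent of safe_open() is mkstemp(3), which picks an unpredictable name and opens it with O_CREAT|O_EXCL; a per-user $TMPDIR only helps if the program actually honours it. Note also that checking with lstat() before the open is not a fix, since the attacker can plant the link between the check and the open; the O_EXCL flag makes the kernel do the check and the create atomically.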