
Re: grsecurity2 and per-user tmp dirs



On Sat, 22 May 2004 at 01:11:30PM -0400, funky soul wrote:
> hi folx
> 
> i have installed the grsecurity2 patches and am now running a kernel
> with CONFIG_GRKERNSEC_FIFO and CONFIG_GRKERNSEC_LINK ON. users cannot
> write to /tmp directly which is fine. now i want per-user tmp dirs like
> /tmp/$USER. alas $TMPDIR seems to be ignored. any hints?

CONFIG_GRKERNSEC_FIFO and CONFIG_GRKERNSEC_LINK DO NOT prevent writing
to /tmp.  Read the Configure.help:


CONFIG_GRKERNSEC_FIFO
  If you say Y here, users will not be able to write to FIFOs they don't
  own in world-writable +t directories (i.e. /tmp), unless the owner of
  the FIFO is the same owner of the directory it's held in.  If the sysctl
  option is enabled, a sysctl option with name "fifo_restrictions" is
  created.

CONFIG_GRKERNSEC_LINK
  If you say Y here, /tmp race exploits will be prevented, since users
  will no longer be able to follow symlinks owned by other users in
  world-writable +t directories (i.e. /tmp), unless the owner of the
  symlink is the owner of the directory. users will also not be
  able to hardlink to files they do not own.  If the sysctl option is
  enabled, a sysctl option with name "linking_restrictions" is created.

CONFIG...LINK deals with SymLinks.  Users (even root) cannot follow a
Symlink created by a user who does not own the file they are linking to
(in a globally writable +t directory) UNLESS the owner of the SymLink is
the owner of the globally writable +t directory.  In most cases, the
owner of /tmp would be root.  This is done so another user will not
predict a tmp file you will open and then create a symlink to a file
they want you to edit/corrupt, IE: ~/something...

CONFIG_GRKERNSEC_FIFO does similar things except it deals with FIFOs.
This is done so someone does not create a FIFO with the name of a tmp
file they are predicting you will open and then you write all your
information to THEIR FIFO.

I hope this helps.

-- 
Phillip Hofmeister

PGP/GPG Key:
http://www.zionlth.org/~plhofmei/
wget -O - http://www.zionlth.org/~plhofmei/key.asc | gpg --import
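
Added example, not part of the original message and not grsecurity's own code: a user-space model of the two rules as worded in the Configure.help text quoted above, so the owner comparisons can be checked case by case. The function names, the verdict enum and the uids 0/1000/1001 are constructed for illustration.

```c
#define _XOPEN_SOURCE 700   /* for S_ISVTX, S_IFLNK, S_IFIFO under strict -std modes */
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>

enum verdict { ALLOWED = 0, DENY_SYMLINK_FOLLOW = 1, DENY_FIFO_WRITE = 2 };

/* True for a world-writable directory with the sticky bit set (e.g. /tmp, mode 1777). */
static int is_sticky_world_writable(const struct stat *dir)
{
    return S_ISDIR(dir->st_mode) && (dir->st_mode & S_ISVTX) && (dir->st_mode & S_IWOTH);
}

/* Model of the quoted help text; `who` is the uid trying to use the entry. */
enum verdict check_entry(const struct stat *dir, const struct stat *ent, uid_t who)
{
    if (!is_sticky_world_writable(dir))
        return ALLOWED;               /* rules only apply in world-writable +t dirs */
    if (ent->st_uid == who)
        return ALLOWED;               /* the user's own symlink or FIFO */
    if (ent->st_uid == dir->st_uid)
        return ALLOWED;               /* created by the directory owner (usually root) */
    if (S_ISLNK(ent->st_mode))
        return DENY_SYMLINK_FOLLOW;   /* CONFIG_GRKERNSEC_LINK case */
    if (S_ISFIFO(ent->st_mode))
        return DENY_FIFO_WRITE;       /* CONFIG_GRKERNSEC_FIFO case */
    return ALLOWED;                   /* other file types: not covered by these two rules */
}

/* Constructed stat record, so the example runs without touching the filesystem. */
struct stat make_stat(mode_t mode, uid_t owner)
{
    struct stat st = {0};
    st.st_mode = mode;
    st.st_uid = owner;
    return st;
}

int main(void)
{
    struct stat tmp  = make_stat(S_IFDIR | 01777, 0);    /* /tmp owned by root */
    struct stat lnk  = make_stat(S_IFLNK | 0777, 1001);  /* symlink planted by uid 1001 */
    struct stat fifo = make_stat(S_IFIFO | 0666, 1001);  /* FIFO planted by uid 1001 */
    printf("uid 1000 follows 1001's symlink: %d\n", check_entry(&tmp, &lnk, 1000));
    printf("root follows 1001's symlink:     %d\n", check_entry(&tmp, &lnk, 0));
    printf("uid 1000 writes 1001's FIFO:     %d\n", check_entry(&tmp, &fifo, 1000));
    return 0;
}
```

Plain file creation in /tmp never reaches a deny branch in this model, which is the point of the reply: neither option stops users from writing to /tmp.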


