Scott Ferguson wrote: > Bob Proulx wrote: > > Scott Ferguson wrote: > >> Martin Steigerwald wrote: > >>> I like the notion to just use /var/tmp for anything big by default. > >> > >> Doesn't that require manually deleting files when they're no longer > >> required? > > > > Of course that is no different from /tmp which is the same until > > rebooted and I only reboot for kernel security upgrades. In between > > those reboots it is no different and a system can go for a long time > > without rebooting. > > So, um, do that mean yes? Yes. That means yes that I always set up a tmp cleaner for both /tmp and /var/tmp. (But that is me. I don't know what Martin does.) > > I always set up automated tmp cleaners on /tmp and /var/tmp. > > Good to know. Almost as useful as actually saying what or how ;-p I intentionally avoided saying details because you would not believe how contentious the topic of tmp cleaners really happens to be! If it seems like a simple topic that is the first clue that it probably isn't. It is a minefield. I put it firmly into the topic area of "where angels fear to tread". I know better than to walk there. But having stepped into it I was already planning the strategy of my retreat so that I could escape with life and limb intact. As long as the details are ambiguous then there isn't any surface for the maligners to attack. There is the presumption of innocence. Or in this case the presumption of absolute correctness. And yet it is an area that may be impossible to be absolutely correct. If you study it in enough detail you may come to the conclusion that it isn't ever safe to delete any file. You can only add disk space endlessly and never ever delete anything. For those who come to that conclusion, sorry, it isn't going to happen. If you study the problem in enough detail you may conclude that the only time to delete files is during system boot time. That is certainly a safe time. The state of the system is known and controlled. But does that mean that you would schedule a daily reboot simply to be able to delete files? That would create an unreasonable situation too. And then we have the problems of absolute correctness for shutdown and bootup. For those that come to that conclusion that reboots are required to delete files, sorry, it isn't going to happen. And so being pragmatic I do set up tmp cleaners. Many things about life are compromises. The maligners will attack me and call me a bad person for doing so. I have walked through the fire on that one before. And yet those attacks against tmp cleaners are impossible to trigger on my machines. That won't prevent the maligners from trying. They will construct various situations where the vulnerability exists and will talk about those cases. That is all very good but those cases are not my case and they don't apply. If the problem cases do not apply to you either then there shouldn't be any problem for you to set up a tmp cleaner either. But that is for you to decide. To set up a simple tmpcleaner sufficient on your own personal use simply install the Debian tmpreaper package and then edit the /etc/tmpreaper.conf file TMPREAPER_DIRS='/tmp/. /var/tmp/.' to add /var/tmp to the list of directories that it will clean. You would turn the warning statement there off too. To start getting up to speed on the issues with tmp cleaners read the /usr/share/doc/tmpreaper/README.security.gz file that comes with tmpreaper. Then browse the bug reports for that package: http://bugs.debian.org/cgi-bin/pkgreport.cgi?pkg=tmpreaper;dist=unstable Then read through these references about temporary files: http://www.dwheeler.com/secure-programs/Secure-Programs-HOWTO/avoid-race.html http://lcamtuf.coredump.cx/tmp_paper.txt Additionally reading through various mktemp design notes about how to create temporary files securely would be useful background on the other side of things too. If I didn't scare everyone just a little bit with this then I didn't write it well enough. There isn't any way to win on this issue. Bob
Attachment:
signature.asc
Description: Digital signature