Re: Bug#661627: Avoid /tmp ?
* Julien Cristau <jcristau@debian.org> [120302 14:31]:
> > I think the obsolete chown command should be removed (as said Tim), and
> > also the chmod should be replaced by a single atomic operation (using
> > "mkdir -m"). Those two things will avoid usages of dangerous commands
> > and then, reduce TOCTTOU risks.
> >
> I'm not convinced the chown can be removed.
> And 'mkdir -m 1777 foo' is not any more atomic than 'mkdir foo && chmod 1777 foo'.

To be more precise: it is more atomic but not in a way that makes a difference here.

> but so far I haven't seen a way to do that in shell, because chmod(1)
> doesn't have a --no-dereference option, and even if it did it doesn't
> look like I could safely detect whether to exit with failure or success.
>
> hmm, how about this:
>
> mkdir -p /tmp/.X11-unix
> chown -h root:root /tmp/.X11-unix
> stat=$(LC_ALL=C stat -c '%u %g %F' /tmp/.X11-unix)
> if [ "$stat" != '0 0 directory' ]; then
>     exit 1
> fi
> chmod 1777 /tmp/.X11-unix

If mkdir -p fails (it for example does if .X11-unix is a proper file
or a dangling symlink), one might refrain from issuing the following
commands.

Are there any kernel hardening patches that check ownership of symlinks?
If there are then changing the ownership of a /tmp/.X11-unix symlink
might actually introduce a problem similar to the one this was
originally trying to solve in those cases.

And I think if there is something else, it might make sense to
try to move it away again and try to create it again.

Bernhard R. Link
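Added example, not part of the original message and not code from the package under discussion: a shell sketch of the two suggestions above, stopping when mkdir fails and moving a foreign entry aside before one retry. The function name, the `.aside.XXXXXX` naming and the owner-uid parameter are assumptions made for illustration; it checks ownership instead of calling chown, so a symlink is never chowned.

```shell
#!/bin/sh
# Added example, not code from the thread.
# make_socket_dir DIR [OWNER_UID]: hypothetical helper name.
# Assumes GNU stat/mktemp/mv, and that DIR's parent is sticky and owned by
# root (like /tmp), so other users cannot rename or remove an entry owned by
# OWNER_UID between the stat check and the chmod.
make_socket_dir() {
    dir=$1
    want_uid=${2:-0}    # 0 (root) in an init script; a parameter so it can be tested
    for attempt in 1 2; do
        # Plain mkdir, no -p: it fails if the name is taken by anything,
        # including a regular file or a dangling symlink.
        mkdir "$dir" 2>/dev/null || :
        # stat(1) without -L reports on the entry itself, never its target.
        st=$(LC_ALL=C stat -c '%u %F' "$dir" 2>/dev/null) || st=missing
        if [ "$st" = "$want_uid directory" ]; then
            chmod 1777 "$dir" || return 1
            return 0
        fi
        if [ "$st" = missing ]; then
            return 1    # mkdir failed and nothing is there: do not go on
        fi
        # Something else holds the name: move the entry itself aside into a
        # fresh private directory (mv renames a symlink, it does not follow it),
        # then loop once to create the directory again.
        aside=$(mktemp -d "$dir.aside.XXXXXX") || return 1
        mv "$dir" "$aside/" || return 1
    done
    return 1            # still not a directory owned by want_uid: give up
}
```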