On Sat, 22 May 2004 at 01:11:30PM -0400, funky soul wrote:
> hi folx
>
> i have installed the grsecurity2 patches and am now running a kernel
> with CONFIG_GRKERNSEC_FIFO and CONFIG_GRKERNSEC_LINK ON. users cannot
> write to /tmp directly which is fine. now i want per-user tmp dirs like
> /tmp/$USER. alas $TMPDIR seems to be ignored. any hints?

CONFIG_GRKERNSEC_FIFO and CONFIG_GRKERNSEC_LINK DO NOT prevent writing
to /tmp. Read the Configure.help:

CONFIG_GRKERNSEC_FIFO
  If you say Y here, users will not be able to write to FIFOs they don't
  own in world-writable +t directories (i.e. /tmp), unless the owner of
  the FIFO is the same owner of the directory it's held in. If the sysctl
  option is enabled, a sysctl option with name "fifo_restrictions" is
  created.

CONFIG_GRKERNSEC_LINK
  If you say Y here, /tmp race exploits will be prevented, since users
  will no longer be able to follow symlinks owned by other users in
  world-writable +t directories (i.e. /tmp), unless the owner of the
  symlink is the owner of the directory. users will also not be able to
  hardlink to files they do not own. If the sysctl option is enabled, a
  sysctl option with name "linking_restrictions" is created.

CONFIG...LINK deals with SymLinks. Users (even root) cannot follow a
Symlink created by a user who does not own the file they are linking to
(in a globally writable +t directory) UNLESS the owner of the SymLink is
the owner of the globally writable +t directory. In most cases, the owner
of /tmp would be root. This is done so another user will not predict a
tmp file you will open and then create a symlink to a file they want you
to edit/corrupt, IE: ~/something...

CONFIG_GRKERNSEC_FIFO does similar things except it deals with FIFOs.
This is done so someone does not create a FIFO with the name of a tmp
file they are predicting you will open and then you write all your
information to THEIR FIFO.

I hope this helps.

-- 
Phillip Hofmeister

PGP/GPG Key:
http://www.zionlth.org/~plhofmei/
wget -O - http://www.zionlth.org/~plhofmei/key.asc | gpg --import
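
The rule in the Configure.help text quoted above, modelled as an added example (not part of the original message and not grsecurity's kernel code). The names restricted() and audit_dir() are hypothetical; the program lists the symlinks and FIFOs in a directory that the calling user would be refused under that rule.

```c
#define _XOPEN_SOURCE 700
#include <dirent.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* True for a world-writable directory with the sticky bit set (like /tmp). */
static int sticky_world_writable(mode_t dir_mode) {
    return (dir_mode & S_ISVTX) && (dir_mode & S_IWOTH);
}

/* Model of the quoted help text: following a symlink (LINK) or writing to a
 * FIFO (FIFO) is refused when the entry lives in a +t world-writable
 * directory, belongs to someone other than the caller, and its owner is not
 * the directory owner. */
int restricted(mode_t dir_mode, uid_t dir_uid, uid_t entry_uid, uid_t caller) {
    return sticky_world_writable(dir_mode) &&
           entry_uid != caller && entry_uid != dir_uid;
}

/* Audit helper: list symlinks and FIFOs in `dir` that `caller` could not
 * follow/write under the rule above. Returns the count, or -1 on error. */
int audit_dir(const char *dir, uid_t caller) {
    struct stat ds, es;
    struct dirent *de;
    char path[4096];
    int hits = 0;
    DIR *d;
    if (stat(dir, &ds) != 0 || (d = opendir(dir)) == NULL)
        return -1;
    while ((de = readdir(d)) != NULL) {
        snprintf(path, sizeof path, "%s/%s", dir, de->d_name);
        if (lstat(path, &es) != 0)          /* lstat: never follow the link */
            continue;
        if (!S_ISLNK(es.st_mode) && !S_ISFIFO(es.st_mode))
            continue;
        if (restricted(ds.st_mode, ds.st_uid, es.st_uid, caller)) {
            printf("%s: %s owned by uid %ld\n", path,
                   S_ISLNK(es.st_mode) ? "symlink" : "fifo", (long)es.st_uid);
            hits++;
        }
    }
    closedir(d);
    return hits;
}

int main(int argc, char **argv) {
    return audit_dir(argc > 1 ? argv[1] : "/tmp", geteuid()) < 0;
}
```

Ordinary files never appear in the output, which matches the point of the reply: neither option stops a user from creating or writing regular files in /tmp.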

