Daniel P. Berrange wrote:
> On Mon, Jul 02, 2012 at 12:09:55PM -0700, Johannes Erdfelt wrote:
>>
>> It seems to me that we're just as likely to have a review slip through
>> that uses /tmp insecurely as a review slipping through that uses /tmp at
>> all.

With my Vulnerability Management team hat on, looking at the types of vulnerabilities we actually let go through in our reviews, I would disagree with that. Not all the core developers have the security mindset built into them. And spotting usage of /tmp is always easier than spotting insecure usage of /tmp.

> It is fairly common for apps to use /var/cache/<appname> or
> /var/lib/<appname>.
>
>> Since we can't trust developers to use /tmp securely, or avoid using
>> /tmp at all, then why not use filesystem namespaces to set up a process
>> specific non-shared /tmp?
>
> That is possible, but I simply disagree with your point that we
> can't stop using /tmp. It is entirely possible to stop using it
> IMHO.

+1. Always using application-specific, unshared temp space (/var/cache/<appname>, /var/lib/<appname>/tmp...) is a good security strengthening mechanism that should help us avoid /some/ vulnerabilities in the future.

-- 
Thierry Carrez (ttx)
OpenStack Vulnerability Management team
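The application-specific, unshared temp space discussed in this message could look like the following in Python. This is an added example, not part of the original thread and not OpenStack code; the helper names `private_tmpdir` and `write_scratch` are hypothetical, and `base` stands in for a path such as /var/lib/<appname>/tmp.

```python
import os
import stat
import tempfile


def private_tmpdir(base):
    """Create or validate an application-owned, unshared temp directory.

    `base` is an assumed stand-in for a path like /var/lib/<appname>/tmp.
    """
    os.makedirs(base, mode=0o700, exist_ok=True)
    # lstat does not follow symlinks, so a link planted at `base` is seen
    # as a link and rejected instead of being silently followed.
    st = os.lstat(base)
    if not stat.S_ISDIR(st.st_mode):
        raise RuntimeError(f"{base} is not a real directory")
    if st.st_uid != os.geteuid():
        raise RuntimeError(f"{base} is owned by uid {st.st_uid}, not us")
    if st.st_mode & 0o077:
        # Directory existed with group/other access: remove it.
        os.chmod(base, 0o700)
    return base


def write_scratch(base, data, prefix="scratch-"):
    """Write `data` to a fresh file inside the private temp directory."""
    tmpdir = private_tmpdir(base)
    # mkstemp picks an unpredictable name and opens it with
    # O_CREAT | O_EXCL and mode 0600, so an existing name is never reused.
    fd, path = tempfile.mkstemp(prefix=prefix, dir=tmpdir)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return path
```

Because every temp file goes through one helper with an explicit `dir=`, a reviewer only has to look for calls that bypass it, which matches the point above that spotting any use of /tmp is easier than judging whether a given use is safe.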