[shell-discuss] Re: [request-sponsor] Requesting sponsor for CR# 6488593(/etc/profile should set TMPDIR to /tmp/$LOGNAME/) ...

2006-11-06 Thread Darren J Moffat
Casper.Dik at Sun.COM wrote:
 Casper.Dik at Sun.COM wrote:
 Yeah, you'll notice that if you try to su to root and run installers
 that run pkgadd internally.  I use this method, and the StarOffice 8
 installer failed quite mysteriously until I realized it was just an
 instance of that problem and reset TMPDIR to something else.
 This, unfortunately, kills the whole idea in my mind.
 (I vaguely remembered similar issues from the past)
 Why ? the whole idea is about usability and not security (see my
 other postings) ...
 
 Ok, if the proposal is amended to mode 1777 then that is good.

I'm happy with that too.

-- 
Darren J Moffat



[shell-discuss] Re: [request-sponsor] Requesting sponsor for CR# 6488593(/etc/profile should set TMPDIR to /tmp/$LOGNAME/) ...

2006-11-06 Thread Darren J Moffat
Joerg Schilling wrote:
 Peter Tribble peter.tribble at gmail.com wrote:
 
 I regard this as unsafe and undesirable *as a default*. It clutters up
 /tmp with unnecessary directories, wastes memory and involves
 extra code at login. I have no problem with administrators or
 users doing it if they want, but I see no advantage to having it as
 the default behaviour.
 
 I concur.

I actually think it is a very good idea.  I seriously doubt the amount 
of memory it wastes by having directories is actually important to anyone.

While it isn't particularly necessary on machines with small numbers of 
users if you have ever logged into a big Sun Ray machine you would have 
an idea of just how cluttered /tmp can get with hundreds of users all 
using the same /tmp.

The way to take this forward is for the original requester to write up 
the ARC case and I as sponsor will get the ARC case submitted.

-- 
Darren J Moffat



[shell-discuss] Re: [request-sponsor] Requesting sponsor for CR# 6488593(/etc/profile should set TMPDIR to /tmp/$LOGNAME/) ...

2006-11-06 Thread Mike Gerdts
On 11/6/06, Darren J Moffat Darren.Moffat at sun.com wrote:
 While it isn't particularly necessary on machines with small numbers of
 users if you have ever logged into a big Sun Ray machine you would have
 an idea of just how cluttered /tmp can get with hundreds of users all
 using the same /tmp.

On such machines, are the files that land in /tmp ones that respect
$TMPDIR or is it deliberate acts of users that clutter /tmp?  By
deliberate acts I mean a sequence similar to: I would like to see
what is in this tar file; cd /tmp ; tar xvf ~/file.tar; darnit! That
tar file didn't have a single top level directory;

I am not at all opposed to this proposal, I just suspect that a
standard /tmp cleaner utility would have more impact.  That is, do for
/tmp cleaning what logadm has done for log rotation.

If this is a problem that is restricted to the case of a handful of
situations related to particular applications, it may be useful to
have /etc/profile process files in a directory named /etc/profile.d.
This way the Sun Ray software could add a file into that directory
that sets TMPDIR without performing the risky task of modifying
/etc/profile as a postinstall script.  Having /etc/profile.d (and
similar for *csh users) would certainly simplify local customization
of environments without having to worry about patches or upgrades
whacking them.

Mike

-- 
Mike Gerdts
http://mgerdts.blogspot.com/



[shell-discuss] Re: [request-sponsor] Requesting sponsor for CR# 6488593(/etc/profile should set TMPDIR to /tmp/$LOGNAME/) ...

2006-11-06 Thread Darren J Moffat
Mike Gerdts wrote:
 On 11/6/06, Darren J Moffat Darren.Moffat at sun.com wrote:
 While it isn't particularly necessary on machines with small numbers of
 users if you have ever logged into a big Sun Ray machine you would have
 an idea of just how cluttered /tmp can get with hundreds of users all
 using the same /tmp.
 
 On such machines, are the files that land in /tmp ones that respect
 $TMPDIR or is it deliberate acts of users that clutter /tmp?  By
 deliberate acts I mean a sequence similar to: I would like to see
 what is in this tar file; cd /tmp ; tar xvf ~/file.tar; darnit! That
 tar file didn't have a single top level directory;

A mixture in the general case, but on the Sun Ray servers I personally 
use it is almost never user induced clutter because they are only used 
by developers/engineers who know better than to dump stuff in /tmp :-)

 I am not at all opposed to this proposal, I just suspect that a
 standard /tmp cleaner utility would have more impact.  That is, do for
 /tmp cleaning what logadm has done for log rotation.

That's a near impossible problem to solve in my opinion.

 If this is a problem that is restricted to the case of a handful of
 situations related to particular applications, it may be useful to
 have /etc/profile process files in a directory named /etc/profile.d.

I've personally not yet formulated an opinion on whether or not I like 
the /etc/profile.d stuff I've seen on other systems.  It feels icky 
since it looks on some systems just like reintroducing all the problems 
of SVR4 init to the user's profile :-)

 This way the Sun Ray software could add a file into that directory
 that sets TMPDIR without performing the risky task of modifying
 /etc/profile as a postinstall script.  Having /etc/profile.d (and
 similar for *csh users) would certainly simplify local customization
 of environments without having to worry about patches or upgrades
 whacking them.

I could but I see the exact same problem on machines that people do lots 
of ssh access to so it isn't actually a Sun Ray induced problem, though 
the fact that GNOME likes lots of temp files certainly increases it 
somewhat.

-- 
Darren J Moffat



[request-sponsor] Requesting sponsor for CR# 6488593(/etc/profile should set TMPDIR to /tmp/$LOGNAME/) ...

2006-11-04 Thread Roland Mainz
Casper.Dik at sun.com wrote:
 Darren J Moffat wrote:
  Roland Mainz wrote:
  Requesting sponsor for CR# 6488593 (/etc/profile should set TMPDIR to
  /tmp/$LOGNAME/) - patch is included in the RFE...
 
  This will I believe need an ARC case since it is a change in default
  behaviour.   It also should be done for all shells not just ones
  that read /etc/profile.
 
  Since I do this myself in my own .profile I feel duty bound to stand up
  to the plate and be your sponsor for this.  So sign me up for putback
  sponsor and I'll be ARC case submitter too.
 
 
 Good idea (I use this myself :-)).  Should the directory be created
 700 by default?
 
 There's a risk in setting $TMPDIR and making it mode 700; the risk
 is that programs started under a different uid may start to fail.
 
 But it should either be mode 1777 (to mitigate that risk) or 700
 for privacy.

Default should be the same mode as /tmp - the idea is that users do not
have to dig through a zillion files to find their temp. files on a large
multiuser machine.
Quick check on our grendel (which wasn't updated with our custom
/etc/profile mods after last month's update to Solaris 10):
$ ls -l /tmp | wc -l
  6187
Fun... ;-(



Bye,
Roland

P.S.: Setting Reply-To: to shell-discuss at opensolaris.org

-- 
  __ .  . __
 (o.\ \/ /.o) roland.mainz at nrubsig.org
  \__\/\/__/  MPEG specialist, CJAVASunUnix programmer
  /O /==\ O\  TEL +49 641 7950090
 (;O/ \/ \O;)



[request-sponsor] Requesting sponsor for CR# 6488593(/etc/profile should set TMPDIR to /tmp/$LOGNAME/) ...

2006-11-04 Thread Roland Mainz
Darren J Moffat wrote:
 Casper.Dik at Sun.COM wrote:
  Since I do this myself in my own .profile I feel duty bound to stand up
  to the plate and be your sponsor for this.  So sign me up for putback
  sponsor and I'll be ARC case submitter too.
 
  Good idea (I use this myself :-)).  Should the directory be created
  700 by default?
 
  There's a risk in setting $TMPDIR and making it mode 700; the risk
  is that programs started under a different uid may start to fail.
 
 pkgadd is one of those programs.
 
  But it should either be mode 1777 (to mitigate that risk) or 700
  for privacy.
 
 Or honour the umask ?

Please no (default should be identical to the default mode of /tmp).
Users who wish to do that can simply use chmod in their ~/.profile
(AFAIK there isn't an exploitable gap because users already own the dir
on creation).



bye,
Roland

P.S.: Reply-To: set to shell-discuss at opensolaris.org




pkgadd failure / was: Re: [request-sponsor] Requesting sponsor for CR# 6488593(/etc/profile should set TMPDIR to /tmp/$LOGNAME/) ...

2006-11-04 Thread Roland Mainz
Dave Miner wrote:
 Casper.Dik at Sun.COM wrote:
  Darren J Moffat wrote:
  Roland Mainz wrote:
[snip]
  Good idea (I use this myself :-)).  Should the directory be created
  700 by default?
 
  There's a risk in setting $TMPDIR and making it mode 700; the risk
  is that programs started under a different uid may start to fail.
 
 
 Yeah, you'll notice that if you try to su to root and run installers
 that run pkgadd internally.  I use this method, and the StarOffice 8
 installer failed quite mysteriously until I realized it was just an
 instance of that problem and reset TMPDIR to something else.

Is there any bug yet to add a simple check to pkgadd to catch this
kind of mistake early ?



Bye,
Roland




[request-sponsor] Requesting sponsor for CR# 6488593(/etc/profile should set TMPDIR to /tmp/$LOGNAME/) ...

2006-11-04 Thread Roland Mainz
Casper.Dik at Sun.COM wrote:
 
 Yeah, you'll notice that if you try to su to root and run installers
 that run pkgadd internally.  I use this method, and the StarOffice 8
 installer failed quite mysteriously until I realized it was just an
 instance of that problem and reset TMPDIR to something else.
 
 This, unfortunately, kills the whole idea in my mind.
 (I vaguely remembered similar issues from the past)

Why ? the whole idea is about usability and not security (see my
other postings) ...



Bye,
Roland

P.S.: Reply-To: set to shell-discuss at opensolaris.org




[shell-discuss] Re: [request-sponsor] Requesting sponsor for CR# 6488593(/etc/profile should set TMPDIR to /tmp/$LOGNAME/) ...

2006-11-04 Thread casper....@sun.com

Casper.Dik at Sun.COM wrote:
 
 Yeah, you'll notice that if you try to su to root and run installers
 that run pkgadd internally.  I use this method, and the StarOffice 8
 installer failed quite mysteriously until I realized it was just an
 instance of that problem and reset TMPDIR to something else.
 
 This, unfortunately, kills the whole idea in my mind.
 (I vaguely remembered similar issues from the past)

Why ? the whole idea is about usability and not security (see my
other postings) ...

Ok, if the proposal is amended to mode 1777 then that is good.

Casper



[shell-discuss] Re: [request-sponsor] Requesting sponsor for CR#6488593(/etc/profile should set TMPDIR to /tmp/$LOGNAME/) ...

2006-11-04 Thread Roland Mainz
Peter Tribble wrote:
 I regard this as unsafe and undesirable *as a default*. It clutters up
 /tmp with unnecessary directories, wastes memory and involves
 extra code at login. I have no problem with administrators or
 users doing it if they want, but I see no advantage to having it as
 the default behaviour.

I disagree. The flat layout in /tmp for all temporary files of all users
is very very annoying for both admins and users. I doubt mode 1777 is
insecure (yes, you can always craft a case where it goes wrong...).

Remember this is about usability. Currently /tmp on large multiuser
machine looks like a giant trashcan...

 What is the mechanism for the community to comment on
 these sorts of cases? Presumably it has to go for ARC review,
 but how does one find out what cases exist, when they're up for
 review, and how does one participate in the review process?
 (Particularly as a community member who might only be interested
 in a small number of cases.)

Uhm... there is arc-discuss at opensolaris.org for such discussions... and
the related project lists (e.g. shell-discuss at opensolaris.org).

 On 11/4/06, Roland Mainz roland.mainz at nrubsig.org wrote:
  
   Default should be the same mode as /tmp - the idea is that
   users do not
   have to dig through a zillion files to find their temp. files
   on a large
   multiuser machine.

 Why would users be manually groping through /tmp?

To find their files... ?

   Quick check on our grendel (which wasn't updated with
   our custom
   /etc/profile mods after last month's update to Solaris 10):
   $ ls -l /tmp | wc -l
 6187
   Fun... ;-(
 
 Instead of which we will (presumably) have thousands of empty
 directories
 to sift through, one for each user who ever logged in. And the
 associated
 unnecessary memory use.

What is the difference between ten thousand files created by various
users ? IMO that argument is for /dev/null ...

 (As an aside, how many directories can you create in /tmp?)

The same number of files which can be there - the limit is AFAIK only
the memory/swap, calculated based on some kernel tuneable...



Bye,
Roland




[shell-discuss] Re: [request-sponsor] Requesting sponsor for CR#6488593(/etc/profile should set TMPDIR to /tmp/$LOGNAME/) ...

2006-11-04 Thread casper....@sun.com

I disagree. The flat layout in /tmp for all temporary files of all users
is very very annoying for both admins and users. I doubt mode 1777 is
insecure (yes, you can always craft a case where it goes wrong...).

Why?  I hardly ever look in /tmp.

OTOH, GNOME already dumps 3 or four temporary directories plus one
for StarOffice so that is a bit much already; organizing them is
good.

What guarantees that all temporary files are delivered there?

Should this really be an administrative option?

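The code, I presume, would look something like:

    # Create the per-user directory with the same mode as /tmp
    if mkdir -p -m 1777 "/tmp/$LOGNAME"
    then
        # Only switch TMPDIR if the directory is actually writable
        if [ -w "/tmp/$LOGNAME" ]
        then
            TMPDIR="/tmp/$LOGNAME"
            export TMPDIR
        fi
    fi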

But if we really want to prevent denial of service, then
we need to do even more.

Casper
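
The message above ends by noting that the sketch needs more to resist denial of service: with `mkdir -p`, a path that another user created first (or a symlink) is accepted as long as it is writable. As an added example, not part of the original thread or the RFE patch: a hypothetical `pick_tmpdir` helper that accepts only a directory the login user created or already owns, and otherwise leaves TMPDIR untouched.

```sh
#!/bin/sh
# Added example, not code from the thread. pick_tmpdir is a hypothetical name.
#
# Usage: pick_tmpdir BASE NAME [MODE]
# Prints BASE/NAME and returns 0 only when that path is a real directory
# (not a symlink) owned by the calling uid and writable. Otherwise it
# prints nothing and returns 1, so the caller keeps the system default.
pick_tmpdir() {
    base=$1 name=$2 mode=${3:-1777}   # 1777 is the mode the thread settled on
    dir=$base/$name

    # Reject empty names and names that would escape BASE.
    case $name in
        ''|.|..|*/*) return 1 ;;
    esac

    # No -p here: mkdir fails if the path already exists, so success
    # means this process created the directory and therefore owns it.
    if mkdir -m "$mode" "$dir" 2>/dev/null; then
        printf '%s\n' "$dir"
        return 0
    fi

    # The path already existed (or BASE is not writable). Accept it only
    # if it is a directory owned by the current uid. find does not follow
    # a symlink given on the command line, so -type d rejects links.
    owned=$(find "$dir" -prune -type d -user "$(id -u)" -print 2>/dev/null) || owned=''
    if [ -n "$owned" ] && [ -w "$dir" ]; then
        printf '%s\n' "$dir"
        return 0
    fi

    return 1
}

# How /etc/profile could call it (sketch, left commented out so that
# sourcing this file has no side effects):
#
#   if d=$(pick_tmpdir /tmp "$LOGNAME"); then
#       TMPDIR=$d
#       export TMPDIR
#   fi
```

When the check fails, TMPDIR stays unset and programs fall back to the shared /tmp, which is the behaviour users had before the change.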



[shell-discuss] Re: [request-sponsor] Requesting sponsor for CR# 6488593(/etc/profile should set TMPDIR to /tmp/$LOGNAME/) ...

2006-11-04 Thread Joerg Schilling
Peter Tribble peter.tribble at gmail.com wrote:

 I regard this as unsafe and undesirable *as a default*. It clutters up
 /tmp with unnecessary directories, wastes memory and involves
 extra code at login. I have no problem with administrators or
 users doing it if they want, but I see no advantage to having it as
 the default behaviour.

I concur.

Jörg

-- 
 EMail:joerg at schily.isdn.cs.tu-berlin.de (home) Jörg Schilling D-13353 Berlin
       js at cs.tu-berlin.de (uni)
       schilling at fokus.fraunhofer.de (work) Blog: http://schily.blogspot.com/
 URL:  http://cdrecord.berlios.de/old/private/ ftp://ftp.berlios.de/pub/schily



[request-sponsor] Requesting sponsor for CR# 6488593 (/etc/profile should set TMPDIR to /tmp/$LOGNAME/) ...

2006-11-02 Thread Darren J Moffat
Roland Mainz wrote:
 Hi!
 
 
 
 Requesting sponsor for CR# 6488593 (/etc/profile should set TMPDIR to
 /tmp/$LOGNAME/) - patch is included in the RFE...

This will I believe need an ARC case since it is a change in default
behaviour.   It also should be done for all shells not just ones
that read /etc/profile.

Since I do this myself in my own .profile I feel duty bound to stand up 
to the plate and be your sponsor for this.  So sign me up for putback
sponsor and I'll be ARC case submitter too.

-- 
Darren J Moffat



[request-sponsor] Requesting sponsor for CR# 6488593 (/etc/profile should set TMPDIR to /tmp/$LOGNAME/) ...

2006-11-02 Thread Bart Smaalders
Darren J Moffat wrote:
 Roland Mainz wrote:
 Hi!

 

 Requesting sponsor for CR# 6488593 (/etc/profile should set TMPDIR to
 /tmp/$LOGNAME/) - patch is included in the RFE...
 
 This will I believe need an ARC case since it is a change in default
 behaviour.   It also should be done for all shells not just ones
 that read /etc/profile.
 
 Since I do this myself in my own .profile I feel duty bound to stand up 
 to the plate and be your sponsor for this.  So sign me up for putback
 sponsor and I'll be ARC case submitter too.
 

Good idea (I use this myself :-)).  Should the directory be created
700 by default?

- Bart


-- 
Bart Smaalders  Solaris Kernel Performance
barts at cyber.eng.sun.com  http://blogs.sun.com/barts



[request-sponsor] Requesting sponsor for CR# 6488593 (/etc/profile should set TMPDIR to /tmp/$LOGNAME/) ...

2006-11-02 Thread casper....@sun.com

Darren J Moffat wrote:
 Roland Mainz wrote:
 Hi!

 

 Requesting sponsor for CR# 6488593 (/etc/profile should set TMPDIR to
 /tmp/$LOGNAME/) - patch is included in the RFE...
 
 This will I believe need an ARC case since it is a change in default
 behaviour.   It also should be done for all shells not just ones
 that read /etc/profile.
 
 Since I do this myself in my own .profile I feel duty bound to stand up 
 to the plate and be your sponsor for this.  So sign me up for putback
 sponsor and I'll be ARC case submitter too.
 

Good idea (I use this myself :-)).  Should the directory be created
700 by default?

There's a risk in setting $TMPDIR and making it mode 700; the risk
is that programs started under a different uid may start to fail.

But it should either be mode 1777 (to mitigate that risk) or 700
for privacy.

Casper



[request-sponsor] Requesting sponsor for CR# 6488593 (/etc/profile should set TMPDIR to /tmp/$LOGNAME/) ...

2006-11-02 Thread Darren J Moffat
Casper.Dik at Sun.COM wrote:
 Since I do this myself in my own .profile I feel duty bound to stand up 
 to the plate and be your sponsor for this.  So sign me up for putback
 sponsor and I'll be ARC case submitter too.

 Good idea (I use this myself :-)).  Should the directory be created
 700 by default?
 
 There's a risk in setting $TMPDIR and making it mode 700; the risk
 is that programs started under a different uid may start to fail.

pkgadd is one of those programs.

 But it should either be mode 1777 (to mitigate that risk) or 700
 for privacy.

Or honour the umask ?

-- 
Darren J Moffat



[request-sponsor] Requesting sponsor for CR# 6488593 (/etc/profile should set TMPDIR to /tmp/$LOGNAME/) ...

2006-11-02 Thread Dave Miner
Casper.Dik at Sun.COM wrote:
 Darren J Moffat wrote:
 Roland Mainz wrote:
 Hi!

 

 Requesting sponsor for CR# 6488593 (/etc/profile should set TMPDIR to
 /tmp/$LOGNAME/) - patch is included in the RFE...
 This will I believe need an ARC case since it is a change in default
 behaviour.   It also should be done for all shells not just ones
 that read /etc/profile.

 Since I do this myself in my own .profile I feel duty bound to stand up 
 to the plate and be your sponsor for this.  So sign me up for putback
 sponsor and I'll be ARC case submitter too.

 Good idea (I use this myself :-)).  Should the directory be created
 700 by default?
 
 There's a risk in setting $TMPDIR and making it mode 700; the risk
 is that programs started under a different uid may start to fail.
 

Yeah, you'll notice that if you try to su to root and run installers 
that run pkgadd internally.  I use this method, and the StarOffice 8 
installer failed quite mysteriously until I realized it was just an 
instance of that problem and reset TMPDIR to something else.

Dave



[request-sponsor] Requesting sponsor for CR# 6488593 (/etc/profile should set TMPDIR to /tmp/$LOGNAME/) ...

2006-11-02 Thread casper....@sun.com

Yeah, you'll notice that if you try to su to root and run installers 
that run pkgadd internally.  I use this method, and the StarOffice 8 
installer failed quite mysteriously until I realized it was just an 
instance of that problem and reset TMPDIR to something else.

This, unfortunately, kills the whole idea in my mind.
(I vaguely remembered similar issues from the past)

And while we all agree that not being able to use $TMPDIR should
not cause a horrid failure in any application, I'm afraid that
we'd need to fix those bugs first.

(Strange, though, since installers usually run as root; so this
was with an NFS $TMPDIR?)

Casper



[request-sponsor] Requesting sponsor for CR# 6488593 (/etc/profile should set TMPDIR to /tmp/$LOGNAME/) ...

2006-11-02 Thread Dave Miner
Casper.Dik at Sun.COM wrote:
 Yeah, you'll notice that if you try to su to root and run installers 
 that run pkgadd internally.  I use this method, and the StarOffice 8 
 installer failed quite mysteriously until I realized it was just an 
 instance of that problem and reset TMPDIR to something else.
 
 This, unfortunately, kills the whole idea in my mind.
 (I vaguely remembered similar issues from the past)
 
 And while we all agree that not being able to use $TMPDIR should
 not cause a horrid failure in any application, I'm afraid that
 we'd need to fix those bugs first.
 
 (Strange, though, since installers usually run as root; so this
 was with an NFS $TMPDIR?)
 

No, it was just running the installer within a setuid wrapper using a 
local $TMPDIR set to 700.  Not really a recommended practice, so I don't 
know that it's fatal to the idea, just pointing out that it does in fact 
happen for some cases.

Dave