Lennart Poettering mzerq...@0pointer.de writes:
Well, that way attackers might still be able to fool the admin: i.e. he
could create a directory with a service name and some randomized suffix
and the admin might blindly believe that this directory belongs to the
service, even if it doesn't, but
On Wed, Nov 9, 2011 at 10:10 AM, Benny Amorsen benny+use...@amorsen.dk wrote:
How about making a non-world-writable directory somewhere for this
purpose, with service-named directories beneath it?
That is yet another thing for sysadms to learn about of course, unless
it is placed in /tmp
Once upon a time, Miloslav Trmač m...@volny.cz said:
On Wed, Nov 9, 2011 at 10:10 AM, Benny Amorsen benny+use...@amorsen.dk
wrote:
How about making a non-world-writable directory somewhere for this
purpose, with service-named directories beneath it?
That is yet another thing for sysadms
On Mon, Nov 7, 2011 at 10:08 PM, Simo Sorce s...@redhat.com wrote:
Why not simply open bugs to have apps use /var/run/name ?
When program A uses library B which uses library C which uses library
D which creates a temporary file, we don't want to modify the API of
all of them to pass name from A
On Mon, 07.11.11 21:53, Gregory Maxwell (gmaxw...@gmail.com) wrote:
On Mon, Nov 7, 2011 at 8:48 PM, Lennart Poettering mzerq...@0pointer.de
wrote:
If run on the main namespace all they see is that the files are in some
randomized subdir of /tmp, instead of /tmp itself.
Is the
On Tue, 8 Nov 2011 12:55:31 +0100
Lennart Poettering mzerq...@0pointer.de wrote:
On Mon, 07.11.11 21:53, Gregory Maxwell (gmaxw...@gmail.com) wrote:
On Mon, Nov 7, 2011 at 8:48 PM, Lennart Poettering
mzerq...@0pointer.de wrote:
If run on the main namespace all they see is that the files
On Tue, 08.11.11 13:31, Stijn Hoop (st...@sandcat.nl) wrote:
Well, that way attackers might still be able to fool the admin: i.e. he
could create a directory with a service name and some randomized
suffix and the admin might blindly believe that this directory
belongs to the service, even if
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 11/07/2011 08:48 PM, Lennart Poettering wrote:
On Mon, 07.11.11 19:15, Chris Adams (cmad...@hiwaay.net) wrote:
Once upon a time, Lennart Poettering mzerq...@0pointer.de
said:
Yes, since they are created as subdirectories of the real /
with
On 11/08/2011 06:06 PM, Stijn Hoop wrote:
Right, I assumed that this would be implemented for every user != root
(basically). In other words, also for normal local users.
Why is that not part of the proposal?
Rahul
On Tue, 2011-11-08 at 10:50 +0100, Miloslav Trmač wrote:
On Mon, Nov 7, 2011 at 10:08 PM, Simo Sorce s...@redhat.com wrote:
Why not simply open bugs to have apps use /var/run/name ?
When program A uses library B which uses library C which uses library
D which creates a temporary file, we
On 11/08/2011 02:22 PM, Rahul Sundaram wrote:
On 11/08/2011 06:06 PM, Stijn Hoop wrote:
Right, I assumed that this would be implemented for every user != root
(basically). In other words, also for normal local users.
Why is that not part of the proposal?
It'd break things. At the
On Tue, Nov 08, 2011 at 02:47:02AM +0100, Lennart Poettering wrote:
On Mon, 07.11.11 16:08, Simo Sorce (s...@redhat.com) wrote:
On Mon, 2011-11-07 at 15:42 -0500, Daniel J Walsh wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 11/07/2011 03:38 PM, Matej Cepl wrote:
Dne
Daniel J Walsh wrote:
One suggestion would be to create a directory in /tmp at early boot.
/tmp/.systemd Which would only have root only access.
That seems like it may be a good idea, but please drop the dot. Why would that
directory need to be hidden?
Björn Persson
On Tue, 08.11.11 09:07, Daniel J Walsh (dwa...@redhat.com) wrote:
Yes, this works as it always did. We made sure that the behaviour
change is as minimal as possible and all the accounting and
discoverability is unchanged.
Lennart
One suggestion would be to create a directory in /tmp
On Wed, 2011-11-09 at 02:06 +0100, Lennart Poettering wrote:
That said, I am not particularly keen on having an inflation of subdirs
in /tmp created at early boot. I'd much prefer if we design our stuff in
a robust way so that directories are created when they are needed, but
without them
Sounds good to me.
On Mon, Nov 7, 2011 at 12:50 PM, Daniel J Walsh dwa...@redhat.com wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
It seems to be a weekly occurrence of a new CVE for some app that uses
/tmp insecurely.
I have been on a crusade for years to stop privileged services
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 11/07/2011 03:38 PM, Matej Cepl wrote:
On 7.11.2011 20:50, Daniel J Walsh wrote:
systemd as of Fedora 16 has the ability to run system services
with private /tmp and /var/tmp. I would like to propose that we
make this the default in
Once upon a time, Daniel J Walsh dwa...@redhat.com said:
I know I just opened a couple of other features on Fedora 17. I just
wanted to open discussion on this about what would be the best way to
do this.
* Maybe a bad idea. Since admins might get confused by different /tmp(s).
Hmm, one
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 11/07/2011 03:44 PM, Chris Adams wrote:
Once upon a time, Daniel J Walsh dwa...@redhat.com said:
I know I just opened a couple of other features on Fedora 17. I
just wanted to open discussion on this about what would be the
best way to do
On Mon, 2011-11-07 at 15:42 -0500, Daniel J Walsh wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 11/07/2011 03:38 PM, Matej Cepl wrote:
On 7.11.2011 20:50, Daniel J Walsh wrote:
systemd as of Fedora 16 has the ability to run system services
with private /tmp and /var/tmp.
On Mon, Nov 07, 2011 at 09:38:09PM +0100, Matej Cepl wrote:
On 7.11.2011 20:50, Daniel J Walsh wrote:
systemd as of Fedora 16 has the ability to run system services with
private /tmp and /var/tmp. I would like to propose that we make this
the default in Fedora 17, or at least open a
Daniel J Walsh (dwa...@redhat.com) said:
I know I just opened a couple of other features on Fedora 17. I just
wanted to open discussion on this about what would be the best way to
do this.
* Make it default in systemd
I think that would be problematic if it's applied to all units; it's a
Once upon a time, Daniel J Walsh dwa...@redhat.com said:
I think this is a question for lennart, I am not sure how he sets them
up. If I was setting them up, I would probably set them up by default
under /run/SERVICE/tmp and bind mount over /tmp or something like
that. And I would figure the
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 11/07/2011 04:08 PM, Simo Sorce wrote:
On Mon, 2011-11-07 at 15:42 -0500, Daniel J Walsh wrote:
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1
On 11/07/2011 03:38 PM, Matej Cepl wrote:
On 7.11.2011 20:50, Daniel J Walsh wrote:
systemd as
On Mon, 07.11.11 14:50, Daniel J Walsh (dwa...@redhat.com) wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
It seems to be a weekly occurrence of a new CVE for some app that uses
/tmp insecurely.
I have been on a crusade for years to stop privileged services from
using /tmp and
On Mon, 07.11.11 14:44, Chris Adams (cmad...@hiwaay.net) wrote:
Once upon a time, Daniel J Walsh dwa...@redhat.com said:
I know I just opened a couple of other features on Fedora 17. I just
wanted to open discussion on this about what would be the best way to
do this.
* Maybe a bad
On Mon, 07.11.11 15:25, Chris Adams (cmad...@hiwaay.net) wrote:
Once upon a time, Daniel J Walsh dwa...@redhat.com said:
I think this is a question for lennart, I am not sure how he sets them
up. If I was setting them up, I would probably set them up by default
under /run/SERVICE/tmp and
Once upon a time, Lennart Poettering mzerq...@0pointer.de said:
Yes, since they are created as subdirectories of the real / with mkdtemp()
and thus can be found there like any other directory if you are running
in the main namespaces.
No, since there's currently no sane way to figure out the
On Mon, 07.11.11 19:15, Chris Adams (cmad...@hiwaay.net) wrote:
Once upon a time, Lennart Poettering mzerq...@0pointer.de said:
Yes, since they are created as subdirectories of the real / with mkdtemp()
and thus can be found there like any other directory if you are running
in the main
On Mon, Nov 7, 2011 at 8:48 PM, Lennart Poettering mzerq...@0pointer.de wrote:
If run on the main namespace all they see is that the files are in some
randomized subdir of /tmp, instead of /tmp itself.
Is the randomization required? If they were named after the
user/service that created them
Once upon a time, Gregory Maxwell gmaxw...@gmail.com said:
On Mon, Nov 7, 2011 at 8:48 PM, Lennart Poettering mzerq...@0pointer.de
wrote:
If run on the main namespace all they see is that the files are in some
randomized subdir of /tmp, instead of /tmp itself.
Is the randomization
On Mon, Nov 7, 2011 at 10:00 PM, Chris Adams cmad...@hiwaay.net wrote:
Well, if they're subdirectories of /tmp, you'd have to deal with all the
usual /tmp attacks of known targets.
Hmph? They wouldn't be accessible to anything except root I assume.
Because they're long lived the random names
Once upon a time, Gregory Maxwell gmaxw...@gmail.com said:
On Mon, Nov 7, 2011 at 10:00 PM, Chris Adams cmad...@hiwaay.net wrote:
Well, if they're subdirectories of /tmp, you'd have to deal with all the
usual /tmp attacks of known targets.
Hmph? They wouldn't be accessible to anything
On 7.11.2011 22:44, Daniel J Walsh wrote:
I often do this, (Probably did it with winbind.) but in some cases the
maintainer might not know how to make the change or upstream would not
want the change.
Well, if this project should ever succeed then those bugs should have
probably
On 7.11.2011 22:12, Matthew Garrett wrote:
Having some public discussion of a potentially contentious feature is a
great way to help fesco make decisions. I'm personally in favour of that
happening on a mailing list rather than in the discussion page on a wiki
- it's a lot easier to