Nicolas Williams wrote:
> On Thu, Apr 26, 2007 at 02:26:49PM -0700, John Plocher wrote:
> > > ...making things easier for users...
> >
> > Why should the user care about this?  By definition, things in TMPDIR
> > are ephemeral and don't usually get noticed by users - unless the
> > system is h0rked and there is no space left there.
> >
> > Since most users don't touch TMPDIR today, and in a well functioning
> > system the existing default should "just work", I'm not sure what the
> > problem really is...
> 
> I think you could argue that private TMPDIRs are more secure -- no
> chance of following a malicious symlink placed in a 1777 tmpdir if your
> tmpdir isn't 1777. But otherwise it doesn't seem friendlier than
> TMPDIR=/tmp.

For users it appears to be friendlier (compared to having _all_ the files
in one flat directory where you have to search for your files via $ ls
-l | fgrep "myusername" # or worse).

> One problem: TMPDIR should probably be mkdtemp'ed, else
> there's a DoS (nico% mkdir /tmp/plocher; chmod 700 /tmp/plocher; echo
> muahahaha), but if mkdtemped then how to make sure that multiple login
> sessions for the same user share the same TMPDIR?  (Search for one?)

The example code I've posted earlier (e.g.
-- snip --
# set TMPDIR to /tmp/${LOGNAME}/
if [ "${LOGNAME}" != "" -a "${TMPDIR}" = "" ] ; then
   utmpdir="/tmp/${LOGNAME}"

   /usr/bin/mkdir -p -m 1777 "${utmpdir}"

   # we have to use /usr/bin/test because /sbin/sh is a bourne shell
   if /usr/bin/test -d "${utmpdir}" -a -O "${utmpdir}" ; then
       TMPDIR="${utmpdir}"
       export TMPDIR
   fi

   unset utmpdir
fi
-- snip --
) explicitly tests for such cases to make sure that no malicious user
can cause trouble by "squatting" directories, e.g. TMPDIR will only be
set if the directory is available and owned by the user defined by
${LOGNAME} (these conditions are usually "true" unless something goes
wrong (which should be the exception)) ...

----

Bye,
Roland

-- 
  __ .  . __
 (o.\ \/ /.o) roland.mainz at nrubsig.org
  \__\/\/__/  MPEG specialist, C&&JAVA&&Sun&&Unix programmer
  /O /==\ O\  TEL +49 641 7950090
 (;O/ \/ \O;)

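The checks discussed in this message, as an added example that is not code from the original thread: a per-user TMPDIR helper that refuses a path someone else has "squatted" (a planted symlink, a directory owned by another user, or a pre-made world-writable directory), and that answers Nico's sharing question by using a deterministic path plus verification rather than mkdtemp. The function name setup_user_tmpdir, the BASE argument standing in for /tmp, and the 0700 mode (instead of the 1777 in the posted script) are assumptions of this example; the -O test is the bash/dash/ksh builtin form.

```shell
#!/bin/sh
# Added example, not code from the original thread.
# setup_user_tmpdir BASE NAME
#   Prints BASE/NAME and returns 0 if that directory is safe to use as TMPDIR:
#   a real directory (not a symlink), owned by the calling user, and not
#   writable by group or others.  Returns 1 and prints nothing otherwise.
#   A second login for the same user finds the same directory again because
#   the path is deterministic; the checks, not mkdtemp, provide the safety.
setup_user_tmpdir() {
    base="$1"
    name="$2"
    dir="$base/$name"

    # Create only when nothing is there.  No -p: if someone has already placed
    # something at this path, mkdir fails instead of silently reusing it.
    if [ ! -e "$dir" ] && [ ! -L "$dir" ]; then
        mkdir -m 0700 "$dir" 2>/dev/null || return 1
    fi

    # Re-check everything after the mkdir: whoever wins the race, the
    # directory is only used if it passes all of the tests below.
    [ -L "$dir" ] && return 1          # symlink planted at the path
    [ -d "$dir" ] || return 1          # must be a real directory
    [ -O "$dir" ] || return 1          # must be owned by the calling user

    # A group- or world-writable directory (e.g. a pre-made 1777 one) would
    # let others drop symlinks inside.  ls -ld is used for portability:
    # field 6 is the group write bit, field 9 the others write bit.
    perms=$(ls -ld "$dir" | cut -c1-10)
    case "$perms" in
        d????-??-?) ;;
        *) return 1 ;;
    esac

    printf '%s\n' "$dir"
    return 0
}

# Demonstration in a throw-away sandbox standing in for /tmp (constructed).
demo() {
    sandbox=$(mktemp -d) || return 1
    ln -s /nonexistent "$sandbox/squatter"   # symlink squatted at the path
    mkdir -m 1777 "$sandbox/open"            # pre-made world-writable dir

    good=$(setup_user_tmpdir "$sandbox" me) && echo "ok: $good"
    setup_user_tmpdir "$sandbox" squatter || echo "rejected: symlink at path"
    setup_user_tmpdir "$sandbox" open     || echo "rejected: world-writable"

    rm -rf "$sandbox"
}

demo
```

The symlink test comes before -d on purpose: -d follows symlinks, so a link to an existing directory would otherwise pass. Running the function twice for the same NAME returns the same path, which is what lets several login sessions of one user share a TMPDIR without a search.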