"I. Szczesniak" wrote:
>
> On 4/27/07, Casper.Dik at sun.com <Casper.Dik at sun.com> wrote:
> >
> > >On Thu, Apr 26, 2007 at 02:26:49PM -0700, John Plocher wrote:
> > >> > ...making things easier for users...
> > >>
> > >> Why should the user care about this?  By definition, things in TMPDIR
> > >> are ephemeral and don't usually get noticed by users - unless the
> > >> system is h0rked and there is no space left there.
> > >>
> > >> Since most users don't touch TMPDIR today, and in a well functioning
> > >> system the existing default should "just work", I'm not sure what the
> > >> problem really is...
> > >
> > >I think you could argue that private TMPDIRs are more secure -- no
> > >chance of following a malicious symlink placed in a 1777 tmpdir if your
> > >tmpdir isn't 1777.  But otherwise it doesn't seem friendlier than
> > >TMPDIR=/tmp.  One problem: TMPDIR should probably be mkdtemp'ed, else
> > >there's a DoS (nico% mkdir /tmp/plocher; chmod 700 /tmp/plocher; echo
> > >muahahaha), but if mkdtemped then how to make sure that multiple login
> > >sessions for the same user share the same TMPDIR?  (Search for one?)
> >
> > Unfortunately the use of TMPDIR is inherited across "su" and
> > then, when users assume roles, TMPDIR no longer works.
> >
> > I would think this is too risky to change.
>
> If that's true then the TMPDIR functionality needs to be removed from
> libc and all applications because it is insecure by default.

AFAIK that's not necessary since the mode=1777 AFAIK doesn't trigger the problem...

----

Bye,
Roland

--
  __ .  . __
 (o.\ \/ /.o) roland.mainz at nrubsig.org
  \__\/\/__/  MPEG specialist, C&&JAVA&&Sun&&Unix programmer
  /O /==\ O\  TEL +49 641 7950090
 (;O/ \/ \O;)
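Added example, not part of the original thread and not code from any of its participants: one way to combine the two requirements raised in the quoted discussion, a per-user path that login sessions can share and a `mkdtemp()` fallback so a pre-created `/tmp/<name>` cannot deny service. The function name `private_tmpdir`, the `/tmp/<name>` layout and the use of `USER` are assumptions; when the fallback is taken, sessions no longer share one directory, which is the open question the thread leaves unanswered.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Pick a private temp directory under a shared sticky directory.
 * base and name are caller-supplied (hypothetical values in main()).
 * Returns 0 and writes the path to out, or -1 on failure. */
int private_tmpdir(const char *base, const char *name, char *out, size_t outlen)
{
    struct stat st;
    int n = snprintf(out, outlen, "%s/%s", base, name);
    if (n < 0 || (size_t)n >= outlen)
        return -1;

    /* Fixed per-user path first, so every login session finds the same one. */
    if (mkdir(out, 0700) == 0 || errno == EEXIST) {
        /* lstat(), not stat(): a symlink planted at this name must not be
         * followed. Reuse only a real directory we own with mode 0700. */
        if (lstat(out, &st) == 0 && S_ISDIR(st.st_mode) &&
            st.st_uid == geteuid() && (st.st_mode & 07777) == 0700)
            return 0;
    }

    /* Name squatted or not private: the pre-created directory cannot block
     * us, because mkdtemp() picks an unpredictable suffix and creates the
     * directory atomically with mode 0700. */
    n = snprintf(out, outlen, "%s/%s.XXXXXX", base, name);
    if (n < 0 || (size_t)n >= outlen)
        return -1;
    return mkdtemp(out) != NULL ? 0 : -1;
}

int main(void)
{
    char path[4096];
    const char *user = getenv("USER");   /* assumption: USER names the account */
    if (private_tmpdir("/tmp", user ? user : "user", path, sizeof path) != 0) {
        perror("private_tmpdir");
        return 1;
    }
    printf("TMPDIR=%s\n", path);
    return 0;
}
```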