On Wed, Mar 10, 2010 at 10:07 AM, Craig Dibble <cr...@rootdev.com> wrote:
> Does anyone have any thoughts on removing the sticky bit on the /var/tmp
> directory and setting it to 777?

In the past there have been exploits which relied upon racing
processes then modifying files they have placed in /tmp or /var/tmp to
gain elevated privileges. Googling "race tmp exploit" will show up
lots of these. It is almost certainly bad practice to do this.

> The reason for this is that we have a large amount of data moving through
> that folder, in the order of more than 100GB.

I think data of that size belongs in /var/cache/ or /var/spool/ or
simply somewhere else entirely. /var/tmp/ is for temporary files that
survive between reboots[1]. If you have an application that requires
lots of space, I would put it on a separate partition and keep it away
from my OS partitions, maybe stuff it all somewhere under /opt/

[1] http://www.pathname.com/fhs/pub/fhs-2.3.html#VARTMPTEMPORARYFILESPRESERVEDBETWEE

Joel
-- 
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
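
An added example, not part of the original email: a small Python audit that flags a shared temporary directory which is world-writable but lacks the sticky bit, the state the question proposes for /var/tmp. The function name `audit_shared_dir` and the `expected_uid` parameter are assumptions made for this illustration.

```python
import os
import stat
import tempfile


def audit_shared_dir(path, expected_uid=0):
    """Return a list of problems with a shared temp directory (empty list = ok)."""
    try:
        st = os.lstat(path)  # lstat: inspect the entry itself, not a symlink target
    except FileNotFoundError:
        return ["missing"]
    if stat.S_ISLNK(st.st_mode):
        return ["is a symlink"]
    if not stat.S_ISDIR(st.st_mode):
        return ["not a directory"]

    problems = []
    world_writable = bool(st.st_mode & stat.S_IWOTH)
    sticky = bool(st.st_mode & stat.S_ISVTX)
    if world_writable and not sticky:
        # Without the sticky bit, write permission on the directory lets any
        # user rename or delete files that belong to other users.
        problems.append("world-writable without sticky bit (mode %o)"
                        % stat.S_IMODE(st.st_mode))
    if st.st_uid != expected_uid:
        problems.append("owned by uid %d, expected %d" % (st.st_uid, expected_uid))
    return problems


def demo():
    """Audit a constructed scratch directory at mode 0777 and then at 1777."""
    base = tempfile.mkdtemp()
    try:
        os.chmod(base, 0o777)   # the mode proposed in the question
        before = audit_shared_dir(base, expected_uid=os.getuid())
        os.chmod(base, 0o1777)  # the conventional mode for /tmp and /var/tmp
        after = audit_shared_dir(base, expected_uid=os.getuid())
        return before, after
    finally:
        os.rmdir(base)


if __name__ == "__main__":
    for d in ("/tmp", "/var/tmp"):
        print(d, audit_shared_dir(d) or "ok")
```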
