On 03/21/2010 10:44 AM, Jonathan Underwood wrote:
> On 19 March 2010 23:52, Lennart Poettering<mzerqung@xxxxxxxxxxx> wrote:
>
>> That is a security hole. Since /tmp knows no further access control an
>> evil user can just create dirs there for each and every single user on
>> the system. Those directories will then be owned by him, and all other
>> users will a) either completely fail to work or b) happily connect to
>> the evil user's services unless the software in question implements
>> two-way credential passing and verification (which I'd bet akonadi
>> doesn't do).
>>
>> So either this is a DoS vulnerability or an even worse security hole.
>>
>> So in short: don't do this. If you safely want to place a socket in
>> /tmp, you need to place it in a random dir, and then symlink (or
>> otherwise refer to it) from $HOME. Or better (as Colin suggested), just
>> use D-Bus to pass around the randomized socket path. (or even better:
>> use the new fd passing in D-Bus so that you don't need the socket path at
>> all)
>>
>> Or even shorter: Unix sucks.
>>
>> At last year's FOSS.in I did a talk about issues like this in Unix and
>> how to work around them in applications and how incredibly hard it is to
>> get this right. One of these days I hope to find the time to write a
>> blog story about this.
>>
>> I personally believe introducing a per-user /var/run (maybe as
>> /var/run/users/$USER which is created at login time) is the cleanest way to
>> fix all of this.
>>
>>
>>> I can't imagine what harm that would cause to default under /tmp?
>>>
>> It's a shared namespace. As such it is a major source of
>> vulnerabilities, especially if the developers didn't have this
>> particular use in mind.
>>
> To what extent would the security issues associated with files in /tmp
> be mitigated with polyinstantiated /tmp directories? Should Fedora
> move to that as a default?
>

Yes, a lot of this would be fixed, but it is very confusing to have different views of /tmp.
I have it set up right now and am bitten by root having a different view of /tmp than my user account. And I understand the technology.

--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
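The following is an added example, not code from this thread, from akonadi or from D-Bus, of the two patterns Lennart contrasts above: binding a socket at a predictable name under the shared /tmp (which a hostile user can pre-create, so the victim's bind fails or the victim talks to the attacker), versus a socket inside a freshly made 0700 random directory that is reached through a symlink from $HOME, with the client checking directory ownership before connecting and both ends verifying the peer's uid. The function names are invented for this illustration; the peer-uid check assumes Linux's SO_PEERCRED socket option, and the simulated attack uses the current user standing in for the attacker since a test cannot switch uids.

```python
"""Added example: per-user Unix sockets under /tmp, the unsafe and the safe way."""
import errno
import os
import socket
import stat
import struct
import tempfile


def peer_uid(sock):
    """uid of the process on the other end of a connected AF_UNIX socket (Linux SO_PEERCRED)."""
    if not hasattr(socket, "SO_PEERCRED"):
        raise OSError("SO_PEERCRED is not available on this platform")  # assumption: Linux
    raw = sock.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED, struct.calcsize("3i"))
    _pid, uid, _gid = struct.unpack("3i", raw)
    return uid


def bind_fixed_path(path):
    """Unsafe pattern: bind at a name anyone on the box can pre-create.
    Raises OSError (EADDRINUSE) when something already sits at that path."""
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    try:
        srv.bind(path)
    except OSError:
        srv.close()
        raise
    srv.listen(1)
    return srv


def simulate_preseeded_path(tmp_root, name):
    """Model the DoS from the thread: the 'attacker' (here: ourselves) plants a file at the
    predictable path first; the victim's bind() then fails.  Returns the errno seen, 0 if none."""
    path = os.path.join(tmp_root, name + "-socket")
    with open(path, "w"):
        pass  # constructed attacker artifact; a socket owned by the attacker would be worse
    try:
        bind_fixed_path(path).close()
    except OSError as exc:
        return exc.errno
    return 0


def create_private_socket(name, tmp_root="/tmp", home=None):
    """Safe pattern: random 0700 directory under tmp_root, socket inside it,
    and a symlink from $HOME so clients can locate it without guessing."""
    home = home if home is not None else os.path.expanduser("~")
    sockdir = tempfile.mkdtemp(prefix=name + "-", dir=tmp_root)  # mode 0700, unpredictable name
    sockpath = os.path.join(sockdir, "socket")
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    srv.bind(sockpath)
    srv.listen(1)
    link = os.path.join(home, "." + name + "-socket")
    tmp_link = link + ".new"
    try:
        os.unlink(tmp_link)
    except FileNotFoundError:
        pass
    os.symlink(sockpath, tmp_link)
    os.replace(tmp_link, link)  # atomic swap: readers see the old link or the new one, never none
    return srv, sockpath, link


def check_socket_dir(sockpath, expected_uid=None):
    """Client-side check: the directory holding the socket must be a real directory,
    owned by the expected uid (default: us) and not writable by group or others."""
    uid = os.getuid() if expected_uid is None else expected_uid
    st = os.lstat(os.path.dirname(sockpath))
    if not stat.S_ISDIR(st.st_mode):
        return False
    if st.st_uid != uid:
        return False
    return not (st.st_mode & (stat.S_IWGRP | stat.S_IWOTH))


def connect_verified(link):
    """Follow the $HOME symlink, vet the directory, connect, then verify who answered."""
    sockpath = os.readlink(link)
    if not check_socket_dir(sockpath):
        raise PermissionError("socket directory is not owned and protected by the current user")
    cli = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    cli.connect(sockpath)
    if peer_uid(cli) != os.getuid():  # the other half of "two-way credential verification"
        cli.close()
        raise PermissionError("the server on the other end is not running as us")
    return cli


def accept_verified(srv):
    """Server side: accept one connection and drop it unless the client is the same uid."""
    conn, _ = srv.accept()
    if peer_uid(conn) != os.getuid():
        conn.close()
        raise PermissionError("client is not the same user")
    return conn


if __name__ == "__main__":
    scratch_tmp, scratch_home = tempfile.mkdtemp(), tempfile.mkdtemp()
    print("fixed-path bind errno:", simulate_preseeded_path(scratch_tmp, "demo"))
    srv, sockpath, link = create_private_socket("demo", tmp_root=scratch_tmp, home=scratch_home)
    print("private socket at", sockpath, "via", link, "dir ok:", check_socket_dir(sockpath))
```

The symlink in $HOME is only a locator; the trust decision is made on the directory's owner and mode plus SO_PEERCRED on the established connection, which is what a pre-created /tmp path or a hijacked link cannot forge. Note that the directory is never removed here; a real daemon would unlink the socket and rmdir its directory on exit.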