On Mon, 07.11.11 21:53, Gregory Maxwell (gmaxwell@xxxxxxxxx) wrote:

> On Mon, Nov 7, 2011 at 8:48 PM, Lennart Poettering <mzerqung@xxxxxxxxxxx> wrote:
> > If run on the main namespace all they see is that the files are in some
> > randomized subdir of /tmp, instead of /tmp itself.
>
> Is the randomization required? If they were named after the
> user/service that created them (perhaps with some randomization too
> e.g. /tmp/mount.fooservice.$random) would be much more discoverable
> and maintainable than /tmp/$random. Systemctl show is good and needed
> for automation, but my brain stores more sysadmin trivia than I like
> already.

Well, that way attackers might still be able to fool the admin: i.e. he
could create a directory with a service name and some randomized suffix
and the admin might blindly believe that this directory belongs to the
service, even if it doesn't, but belongs to the evil attacker. Using a
fully randomized name is a bit more secure here, since the admin always
needs to check the service first for the actual directory.

Lennart

--
Lennart Poettering - Red Hat, Inc.