Re: F22 System Wide Change: Enable Polyinstantiated /tmp and /var/tmp directories by default

On 01/20/2015 11:53 AM, Jaroslav Reznik wrote:
= Proposed System Wide Change: Enable Polyinstantiated /tmp and /var/tmp
directories by default =
https://fedoraproject.org/wiki/Changes/Polyinstantiated_tmp_by_Default

Change owner(s): Huzaifa Sidhpurwala <huzaifas@xxxxxxxxxx>

Polyinstantiation of temporary directories is a pro-active security measure,
which reduces the chances of attacks caused by the /tmp and /var/tmp
directories being world-writable. These include flaws caused by predictable
temp. file names, race conditions due to symbolic links, etc.

== Detailed Description ==
The basic idea is to provide better security to Fedora installs. Though
Polyinstantiated /tmp has worked since Fedora 19, it's not a single-step
process to configure it. Secondly, people don't really understand its benefits.
Because of this, having it on by default makes more sense. It is completely
transparent to the user; they won't even realize that it has been enabled.

The Red Hat Product Security Team assigns CWE ids to severe flaws (CVSSv2 > 7).
Here is a list of severe flaws caused by insecure tmp files [1].

== Scope ==
* Proposal owners: No work required to be done by proposal owner.

* Other developers:
** Add /tmp-inst and /var/tmp/tmp-inst to filesystem. (packagename: filesystem)
** Enable namespaces in /etc/security/namespace.conf (packagename: PAM)
** Enable proper selinux context and polyinstantiation_enabled boolean to be
set (packagename: selinux-policy-targeted or selinux-policy)

* Release engineering: N/A
* Policies and guidelines: N/A

== Contingency Plan ==
* Contingency mechanism: Poly tmp can be rolled back quite easily, by using
the previous versions of the packages which provide the old directory structures
and old versions of the configuration files (poly tmp is just configuration and a
few new directories). In earlier releases gnome-shell had issues with poly
tmp, which now seems to be resolved. In any case, by the Beta deadline, if any
blockers exist, we can easily remove this feature by tagging previous
versions of the affected packages before the final spin.

* Contingency deadline: Beta freeze
* Blocks release? No

[1] http://red.ht/1EkZ1gT
______________________________________________

Assuming this won't collide with the existing setup systemd provides, what benefits does this provide over systemd's /tmp and /var/tmp setup and PrivateTmp?

JBG
--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
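The three pieces the proposal's Scope section asks other developers to ship (the /tmp-inst and /var/tmp/tmp-inst directories, the entries in /etc/security/namespace.conf, and the SELinux boolean) are easy to verify from a running system. The script below is an added audit helper written for this thread; it is not part of the proposal, the filesystem/PAM/selinux-policy packages, or Fedora. It assumes the namespace.conf field layout documented in pam_namespace(8) (`polydir instance_prefix method list_of_uids`), the instance directory names given in the proposal, and that instance directories are created with mode 000 so unprivileged users cannot browse other users' instances (the mode is an assumption, not something the thread states).

```sh
#!/bin/sh
# Audit helper for polyinstantiated /tmp and /var/tmp (pam_namespace).
# Added example for this thread, not Fedora's code. Assumes the stock
# /etc/security/namespace.conf syntax:  polydir instance_prefix method uids
# Comment lines (#...) are ignored, as pam_namespace itself does.

# Print the first active (non-comment) namespace.conf entry whose polydir
# field equals POLYDIR, or nothing if the directory is not polyinstantiated.
# Usage: polydir_entry CONF_FILE POLYDIR
polydir_entry() {
    conf="$1"; dir="$2"
    sed 's/#.*//' "$conf" | awk -v d="$dir" '$1 == d { print; exit }'
}

# Return 0 if POLYDIR has an active entry in CONF_FILE, 1 otherwise.
polydir_enabled() {
    [ -n "$(polydir_entry "$1" "$2")" ]
}

# Print the method field (user, context, level, tmpfs or tmpdir) for POLYDIR.
polydir_method() {
    polydir_entry "$1" "$2" | awk '{ print $3 }'
}

# Return 0 if DIR exists and has mode 000 (assumed hardening for *-inst dirs).
instance_dir_ok() {
    d="$1"
    [ -d "$d" ] || return 1
    mode=$(stat -c '%a' "$d") || return 1
    [ "$mode" = "0" ]
}

# Return 0 if some file under PAMDIR has an active pam_namespace.so line.
pam_namespace_configured() {
    grep -qs '^[^#]*pam_namespace\.so' "$1"/*
}

# Run all checks against a host. Paths default to the real system files so
# the script can be sourced and run as:  audit_polytmp
audit_polytmp() {
    conf="${1:-/etc/security/namespace.conf}"
    pamd="${2:-/etc/pam.d}"
    rc=0
    for d in /tmp /var/tmp; do
        if polydir_enabled "$conf" "$d"; then
            echo "ok:   $d polyinstantiated (method: $(polydir_method "$conf" "$d"))"
        else
            echo "FAIL: $d has no active entry in $conf"; rc=1
        fi
    done
    for inst in /tmp-inst /var/tmp/tmp-inst; do
        if instance_dir_ok "$inst"; then
            echo "ok:   $inst exists with mode 000"
        else
            echo "FAIL: $inst missing or not mode 000"; rc=1
        fi
    done
    if pam_namespace_configured "$pamd"; then
        echo "ok:   pam_namespace.so referenced under $pamd"
    else
        echo "FAIL: no active pam_namespace.so line under $pamd"; rc=1
    fi
    # The SELinux boolean named in the proposal; getsebool is absent on
    # hosts without SELinux tooling, so only report it when available.
    if command -v getsebool >/dev/null 2>&1; then
        echo "info: $(getsebool polyinstantiation_enabled 2>/dev/null)"
    fi
    return $rc
}

# Run the audit only when invoked as `sh polytmp-audit.sh audit`, so the
# file can also be sourced for its functions without touching /etc.
if [ "${1-}" = "audit" ]; then
    audit_polytmp
fi
```

Sourcing the file and calling `audit_polytmp` with an alternate config path and PAM directory lets you check a staged configuration (for example a chroot or an image under construction) before it is booted.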