> If you are running the software, you may want to clear /tmp at boot, at least > for the lock files. Otherwise any user can turn any file on the system to 0 > bytes. I should probably point out that methods like "clearing /tmp at boot time" do not neccessarily work. In particular, in many systems one can use the system bootup procedures to run processes on behalf of a regular user, which could then create files or symbolic links to play other games to exploit a problem. Two examples follow: 1) cron is started early. In particular, Vixie cron has a feature not a lot of people know about called @reboot. Since cron is started early and starts pushing jobs through, this permits a user to run processes of his choice while /etc/rc is still executing. With non-vixie versions of cron this is harder, but I bet it's still doable. 2) Some /etc/rc scripts execute sendmail's to deliver vipreserve information. A nice little .forward... can therefore run at the same time as /etc/rc. In OpenBSD's case, we considered this issue to be even more serious since random users could run programs of their choice before the kernel securelevel (see init(8)) has been changed. To avoid that issue we had to change the order of several things in /etc/rc*...
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:49:10 PDT