Re: Linux patches to solve /tmp race problem

From: Donaldson, Matthew (matthewat_private)
Date: Tue Apr 24 2001 - 03:43:30 PDT


    Tollef Fog Heen writes:
    >* "Donaldson, Matthew"
    >
    >| If it were just replacing login, I would agree with you.  But not everything
    >| coming into a Unix system comes via login.  There are a number of daemons,
    >| X-window systems and so forth that do their own thing.  On top of the
    >| existing ones, someone might decide to compile some ssh version or some other
    >| daemon, and put that up.  Anything that creates a process on a Unix system
    >| and runs things is a potential entry point.  It need not even be related
    >| to logging in.  Cron, for example, runs processes as different users, but
    >| doesn't run login.
    >
    >PAM handles this quite nicely.
    >
    >I've hacked together a PAM module which sets TMPDIR (and TMP) to
    >/tmp/user/uid, which I could probably make available (mail me if you
    
    Yes please - I'm interested in other viable solutions.
    
    >are interested).  Fixing programs to use TMP and TMPDIR is the correct
    >solution.
    
    Fixing programs is the _ideal_ solution, as is fixing software to eliminate
    buffer overruns.  However there is stack guarding software because not all
    software is fixed, and not all vulnerabilities are known.  Similar principle
    applies here.  We live in a non-ideal world.
    
    You may argue that /tmp bugs are more obvious in the code than buffer
    overruns, and they may be to some degree, but even so, someone's got to look
    over the source code for everything that's out there.  Most admins don't have
    time to do that for every piece of software they're running, or can't
    (e.g. because it's non open-source).  Having something like this gives them
    the security that even if someone is doing the Wrong Thing(tm), it does not
    put them at risk.
    
    Cheers
    
    		-Matthew
    
    --
    +--------------------------------------------------------------------------+
    | Matthew Donaldson             http://www.datadeliverance.com             |
    | Data Deliverance Pty. Ltd.    Email: matthewat_private         |
    | 30 Musgrave Ave.              Phone: +61 8 8265 7976            _        |
    | Banksia Park                  Fax:   +61 8 8265 0032     John  / \/      |
    | South Australia 5091                                     3:16  \_/\      |
    +--------------------------------------------------------------------------+
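
The per-user temporary directory approach discussed in this thread (TMPDIR and TMP pointing at /tmp/user/uid), as an added example in C that is not part of the original message and is not the PAM module mentioned above. The function name `setup_private_tmp` and the `base` parameter are hypothetical; the code assumes the process already runs as the target user and that `base` is root-owned and not writable by other users.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Create or validate base/<euid> as a private directory, then export it as
 * TMPDIR and TMP. Returns 0 on success, -1 if the path cannot be trusted.
 * Hypothetical helper for illustration. */
int setup_private_tmp(const char *base, char *out, size_t outlen)
{
    struct stat st;
    uid_t uid = geteuid();
    int n = snprintf(out, outlen, "%s/%lu", base, (unsigned long)uid);
    if (n < 0 || (size_t)n >= outlen)
        return -1;                      /* path would be truncated */

    /* mkdir() never follows a symlink at the final component: a planted
     * link makes it fail with EEXIST, which is checked further below. */
    if (mkdir(out, 0700) != 0 && errno != EEXIST)
        return -1;

    /* lstat(), not stat(): a pre-existing entry must be a real directory,
     * owned by us, with no group/other access, or we refuse to use it. */
    if (lstat(out, &st) != 0)
        return -1;
    if (!S_ISDIR(st.st_mode) || st.st_uid != uid ||
        (st.st_mode & (S_IRWXG | S_IRWXO)) != 0)
        return -1;

    if (setenv("TMPDIR", out, 1) != 0 || setenv("TMP", out, 1) != 0)
        return -1;
    return 0;
}

int main(void)
{
    char dir[256];
    if (setup_private_tmp("/tmp/user", dir, sizeof dir) != 0) {
        fprintf(stderr, "refusing to use %s as TMPDIR\n", dir);
        return 1;
    }
    printf("TMPDIR=%s\n", dir);
    return 0;
}
```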
    



    This archive was generated by hypermail 2b30 : Wed Apr 25 2001 - 00:17:07 PDT