Tollef Fog Heen writes:
>* "Donaldson, Matthew"
>
>| If it were just replacing login, I would agree with you. But not everything
>| coming into a Unix system comes via login. There are a number of daemons,
>| X-window systems and so forth that do their own thing. On top of the
>| existing ones, someone might decide to compile some ssh version or some other
>| daemon, and put that up. Anything that creates a process on a Unix system
>| and runs things is a potential entry point. It need not even be related
>| to logging in. Cron, for example, runs processes as different users, but
>| doesn't run login.
>
>PAM handles this quite nicely.
>
>I've hacked together a PAM module which sets TMPDIR (and TMP) to
>/tmp/user/uid, which I could probably make available (mail me if you

Yes please - I'm interested in other viable solutions.

>are interested). Fixing programs to use TMP and TMPDIR is the correct
>solution.

Fixing programs is the _ideal_ solution, as is fixing software to eliminate buffer overruns. However there is stack guarding software because not all software is fixed, and not all vulnerabilities are known. Similar principle applies here. We live in a non-ideal world.

You may argue that /tmp bugs are more obvious in the code than buffer overruns, and they may be to some degree, but even so, someone's got to look over the source code for everything that's out there. Most admins don't have time to do that for every piece of software they're running, or can't (e.g. because it's non open-source). Having something like this gives them the security that even if someone is doing the Wrong Thing(tm), it does not put them at risk.

Cheers
-Matthew

--
+--------------------------------------------------------------------------+
| Matthew Donaldson                   http://www.datadeliverance.com       |
| Data Deliverance Pty. Ltd.          Email: matthewat_private             |
| 30 Musgrave Ave.                    Phone: +61 8 8265 7976       _       |
| Banksia Park                        Fax:   +61 8 8265 0032 John / \/     |
| South Australia 5091                                       3:16 \_/\     |
+--------------------------------------------------------------------------+
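
The per-user temporary directory setup mentioned in the quoted text (TMPDIR and TMP pointing at /tmp/user/uid), sketched as an added example; it is not the PAM module from this thread and not code from either poster. The function name `private_tmp_setup` is hypothetical, and the sketch assumes it runs with the target user's uid and that the base directory is root-owned and not world-writable.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Create (or validate) base/<uid> as a private directory and point TMPDIR
 * and TMP at it. Returns 0 on success, -1 if the directory cannot be
 * trusted. Hypothetical helper; `base` stands in for /tmp/user. */
int private_tmp_setup(const char *base, uid_t uid, char *path, size_t len)
{
    struct stat st;
    int n = snprintf(path, len, "%s/%lu", base, (unsigned long)uid);
    if (n < 0 || (size_t)n >= len)
        return -1;                          /* path would be truncated */

    /* mkdir does not follow a symlink at the final component; EEXIST is
     * acceptable only if the existing object passes the checks below. */
    if (mkdir(path, 0700) != 0 && errno != EEXIST)
        return -1;

    /* lstat, not stat: a planted symlink must be rejected, not followed. */
    if (lstat(path, &st) != 0)
        return -1;
    if (!S_ISDIR(st.st_mode))               /* symlink, file, fifo, ... */
        return -1;
    if (st.st_uid != uid)                   /* pre-created by someone else */
        return -1;
    if (st.st_mode & (S_IRWXG | S_IRWXO))   /* accessible to group/other */
        return -1;

    if (setenv("TMPDIR", path, 1) != 0 || setenv("TMP", path, 1) != 0)
        return -1;
    return 0;
}

int main(void)
{
    char path[4096];
    char base[] = "/tmp/ptmp-demo-XXXXXX";  /* constructed scratch base */
    if (!mkdtemp(base) || private_tmp_setup(base, getuid(), path, sizeof path))
        return 1;
    printf("TMPDIR=%s\n", getenv("TMPDIR"));
    return 0;
}
```

A module that runs as root on the user's behalf would additionally have to chown the new directory to the user before these ownership checks can pass.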
This archive was generated by hypermail 2b30 : Wed Apr 25 2001 - 00:17:07 PDT