Valdis Kletnieks writes:

>On Thu, 26 Apr 2001 01:14:18 +0930, matthewat_private said:
>Wasn't there a *LONG* thread a while ago about how to properly clean a /tmp
>on a *secure* regular basis? (the problem being that a malicious user could
>drop something into /tmp that ended up causing the /tmp cleaner to clean
>the wrong thing....)

Yes, I remember that.

>
>Remember - there's *two* race conditions - one for creating a file (causing
>the victim to create a file other than where he thought), and one for
>de-referencing a filename (causing the victim to read an existing file other
>than the one he intended). /tmp cleaners are in the second category....

Yes, you are right, this category could claim the title of /tmp race condition
as well. Having separate /tmp directories might help even here though - see
below.

>
>Of course, there's still people out there getting burnt by a simple
>
>find /tmp -mtime -7 -type f | xargs rm
>
>Lots of joy to be found here - (like this:
> mkdir /tmp/foo\n; touch /tmp/foo\n/vmunix
>Wait a week, and watch the next reboot fail. Note that *this* little
>gem will work even with separate per-user /tmp directories - this is
>why GNU find/xargs have a -0 option.

Because /tmp looks different for each user, one thing you could do to
increase safety (and I'm not necessarily recommending this, just putting it
up as an idea) is to run the cleanup code (e.g. tmpwatch) once for each
user. e.g. (naively, ignoring NIS etc.)

for user in `cat /etc/passwd | cut -d: -f1`; do
    su - "$user" -c cleanup_command
done

Cleanup programs (like tmpwatch) could be replaced by a wrapper that calls
the real cleanup program for each user. The above find command executed as
the normal user would not cause any problems. It seems to me that under
those circumstances the worst the user could do would be to make booby traps
that remove his/her own files.
One cost would be that presumably the cleanup would take longer, being run
for each user, but perhaps not so very much longer for a non-enormous number
of users. After all, the amount of files to be scanned should be roughly the
same.

Cheers
-Matthew
--
+--------------------------------------------------------------------------+
| Matthew Donaldson                         http://www.datadeliverance.com |
| Data Deliverance Pty. Ltd.                Email: matthewat_private       |
| 30 Musgrave Ave.                          Phone: +61 8 8265 7976    _    |
| Banksia Park                              Fax: +61 8 8265 0032 John / \/ |
| South Australia 5091                                           3:16 \_/\ |
+--------------------------------------------------------------------------+
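The following shell script is an added example, not code from the original post or from tmpwatch. It builds a throwaway directory laid out like the one quoted in the thread (a subdirectory whose name ends in a newline, holding a file called vmunix, next to a decoy vmunix standing in for the real kernel image), shows how many arguments the quoted "find | xargs rm" pipeline would hand to rm versus a NUL-separated pipeline, and then runs a cleaner that lets find pass the paths to rm itself so no name is ever re-parsed from text. The per-user wrapper at the end mirrors the loop in the post; it assumes getent (to cover NIS/LDAP accounts, which the post explicitly skips) and su, needs root, and is not exercised here. mktemp, find -print0 and xargs -0 are assumed to be the GNU or BSD versions.

```shell
#!/bin/sh
# Added example (not from the original post). Reproduces the "foo<newline>/vmunix"
# layout in a sandbox and compares a text-splitting cleaner with a safe one.

NL=$(printf '\nx'); NL=${NL%x}   # a literal newline character, kept in a variable

# Constructed sandbox: "foo<newline>/vmunix" (old), a sibling "vmunix" that stands
# in for the real kernel (fresh), and an old file "stale". Prints the sandbox path.
make_sandbox() {
    sb=$(mktemp -d) || return 1
    mkdir "$sb/foo$NL"
    : > "$sb/foo$NL/vmunix"
    : > "$sb/vmunix"
    : > "$sb/stale"
    # Make the booby-trapped file and "stale" look far older than a week.
    touch -t 200101010000 "$sb/foo$NL/vmunix" "$sb/stale"
    printf '%s\n' "$sb"
}

# Number of arguments rm would receive from the quoted pipeline. xargs splits on
# whitespace, so "foo<newline>/vmunix" becomes two tokens: "<sandbox>/foo" and
# "/vmunix", the latter pointing at the host's root directory.
naive_arg_count() {
    find "$1" -type f | xargs sh -c 'echo $#' _ | awk '{s+=$1} END{print s+0}'
}

# 1 if the bare host path "/vmunix" appears as its own token, else 0.
naive_yields_host_path() {
    find "$1" -type f | grep -c -x '/vmunix' || true
}

# Same count with NUL-terminated records (the -0 option the thread mentions):
# every file is exactly one argument, newline or not.
nul_arg_count() {
    find "$1" -type f -print0 | xargs -0 sh -c 'echo $#' _ | awk '{s+=$1} END{print s+0}'
}

# Cleaner: regular files only, stay on one filesystem, older than $2 days, and
# hand the paths to rm through find's own -exec so they are never re-tokenised.
# Run as the owning user, it can only remove that user's own files, which is
# the point made in the post.
safe_clean() {
    find "$1" -xdev -type f -mtime +"$2" -exec rm -f -- {} +
}

# Per-user wrapper in the spirit of the post's loop. $1 is the cleanup command
# to run as each user (hypothetical; not run by the test). Accounts without a
# login shell are skipped so "su -" does not fail on system users.
clean_for_every_user() {
    getent passwd | while IFS=: read -r user _ _ _ _ _ shell; do
        case $shell in */nologin|*/false) continue ;; esac
        su - "$user" -c "$1"
    done
}
```

Running safe_clean on the sandbox removes the old "stale" file and the old "foo<newline>/vmunix" as a single path, and leaves the fresh decoy "vmunix" untouched; the naive pipeline would instead have handed rm four tokens for three files, one of them "/vmunix".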
This archive was generated by hypermail 2b30 : Thu Apr 26 2001 - 10:25:04 PDT