Diff: PerUserTempDirs

Differences between version 8 and revision by previous author of PerUserTempDirs.


Newer page: version 8. Last edited on Tuesday, November 16, 2004 1:24:52 pm by PhilMurray.
Older page: version 7. Last edited on Tuesday, November 16, 2004 11:23:15 am by MikeBeattie.
@@ -1,5 +1,5 @@
-This trick is for multiuser boxes to try and ammeleriate issues with people creating insecure temporary files (and to make it obvious which applications don't respect TMPDIR). The idea is to create a seperate directory for every user on the machine that's 700 to that user and point TMPDIR at it. I think that this idea could(/should?) be used by default by distributions. This can be extended to work for other services (eg apache). 
+This trick is for multiuser boxes to try and ameliorate issues with people creating insecure temporary files (and to make it obvious which applications don't respect TMPDIR). The idea is to create a seperate directory for every user on the machine that's 700 to that user and point TMPDIR at it. I think that this idea could(/should?) be used by default by distributions. This can be extended to work for other services (eg apache). 
  
 Points for: 
 * It helps to protect against abusers with exploited non-root services from leveraging a tmpfile exploit to gain a users account. 
 * It reduces the effects of /tmp becoming large and therefore slow to search.
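
Review bot: the replaced line fixes "ammeleriate" but still carries "seperate" (should be "separate") in the next sentence, and the first bullet under "Points for" has "a users account" where "a user's account" is meant; both are worth fixing in the same edit. The paragraph also says only that the directory is "700 to that user" and that TMPDIR points at it, without saying where the directory lives or who creates it. That matters for the stated goal: if the directory sits under a world-writable location and is created on demand, its name can be taken before the owner's directory exists, so the text should state that it is created ahead of time with the right owner and that ownership and mode are checked before TMPDIR is set. The first bullet would also read more clearly as "attackers who have compromised a non-root service" rather than "abusers with exploited non-root services".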