Diff: PerUserTempDirs

Differences between version 7 and predecessor to the previous major change of PerUserTempDirs.


Newer page: version 7, last edited on Tuesday, November 16, 2004 11:23:15 am by MikeBeattie
Older page: version 6, last edited on Tuesday, November 16, 2004 10:52:05 am by PerryLorier
@@ -1,20 +1,21 @@
 This trick is for multiuser boxes to try and ammeleriate issues with people creating insecure temporary files (and to make it obvious which applications don't respect TMPDIR). The idea is to create a seperate directory for every user on the machine that's 700 to that user and point TMPDIR at it. I think that this idea could(/should?) be used by default by distributions. This can be extended to work for other services (eg apache). 
  
 Points for: 
-* It pretects against abusers with exploited non-root services from leveraging a tmpfile exploit to gain a users account. 
+* It helps to protect against abusers with exploited non-root services from leveraging a tmpfile exploit to gain a users account. 
 * It reduces the effects of /tmp becoming large and therefore slow to search. 
  
 The first part of the script goes in /etc/skel/.bash_profile before you create user accounts: 
  # Set up each users own temp directory (kinda) 
- mkdir /tmp/$USER 2>/dev/null 
+ mkdir -p /tmp/$USER/create.$$ 2>/dev/null 
  if [[ -O /tmp/$USER ]; then 
  TMPDIR=/tmp/$USER 
  else 
  TMPDIR=$(mktemp -d /tmp/${USER}.XXXXXX) 
  fi 
  
  touch $TMPDIR/.bash.$$ 
+ [[ -d $TMPDIR/create.$$ ] && rmdir $TMPDIR/create.$$  
  
  TMP=$TMPDIR 
  TEMP=$TMPDIR 
  
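Review bot: the new `mkdir -p /tmp/$USER/create.$$` still creates the per-user directory with the default umask, so the "700 to that user" property promised in the first paragraph is never enforced on this path (only the `mktemp -d` fallback yields a 0700 directory); either set `umask 077` before the `mkdir` or run `chmod 700 /tmp/$USER` once the `-O` test has passed, since `-p` applies `-m` only to the final path component. The fallback is also unchecked: if `mktemp -d` fails, `TMPDIR` is empty and the later `touch $TMPDIR/.bash.$$` and `rmdir $TMPDIR` operate on `/`, so test the result before using it. Minor: the test brackets render unbalanced (`[[ -O /tmp/$USER ]`, `[[ -d $TMPDIR/create.$$ ]`), which may be wiki escaping but is a syntax error as shown.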
@@ -24,8 +25,10 @@
  rm $TMPDIR/.bash.$$ 
  rmdir $TMPDIR 2>/dev/null 
  
 This means that it will remove the directory when the last shell is closed and there are no more files in the directory. 
+  
+The reason for creating then deleting $TMPDIR/create.$$, as some may wonder, is to make the mkdir an atomic operation that should stop any shell that is logging out as you log in, from removing $TMPDIR before a file is created within it ($TMPDIR/.bash.$$)  
  
 If users want scratch space to copy files between users etc, they can use /tmp directly as [LFS] suggests, however conformant programs should use TMPDIR which now places the files in /tmp/''username'' or /tmp/''username''.''uniqueid''. 
  
 The current flaw with this script is that it doesn't detect if /tmp/username and all the possible /tmp/username.''uniqueid''s have already been created by an attacker.
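Review bot: the explanation added in this hunk attributes the fix to `mkdir` being atomic, but `mkdir -p` on a two-level path issues two separate mkdir calls; what actually closes the race is that `create.$$` keeps `$TMPDIR` non-empty between the ownership test and the `touch`, so a concurrently logging-out shell's `rmdir $TMPDIR 2>/dev/null` fails instead of removing the directory. Suggest rewording along those lines, and noting the remaining gap next to the stated flaw: a shell that exits without running the logout part (killed, or a non-login shell) leaves its `.bash.$$` marker behind, so `rmdir $TMPDIR` never succeeds and the directory persists until cleaned by hand.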