On Tue, 8 Nov 2011 13:33:00 +0100 Lennart Poettering <mzerq...@0pointer.de> wrote:
> On Tue, 08.11.11 13:31, Stijn Hoop (st...@sandcat.nl) wrote:
>
> > > Well, that way attackers might still be able to fool the admin: i.e.
> > > he could create a directory with a service name and some
> > > randomized suffix and the admin might blindly believe that this
> > > directory belongs to the service, even if it doesn't, but belongs
> > > to the evil attacker. Using a fully randomized name is a bit more
> > > secure here, since the admin always needs to check the service
> > > first for the actual directory.
> >
> > But isn't the point of having namespaced /tmp that no network-facing
> > service is even able to create a directory in the main namespace?
> > In other words, if the attacker is able to create a directory in the
> > main namespace, you've already lost?
>
> I was talking of a local attacker here, not a remote one.

Right, I assumed that this would be implemented for every user != root
(basically). In other words, also for normal local users.

I now see that you intend to instantiate it "only" for services by
default, and the reason why (sharing) makes sense.

Thanks for the explanation.

--Stijn
--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
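For readers who want to see what "namespaced /tmp for services" looks like in practice, here is an added illustration that is not part of the thread and not taken from systemd's own unit files. It shows the per-service form the discussion above settles on: a single unit opts into a private /tmp via the PrivateTmp= directive (a real systemd setting), rather than every non-root user getting one. The unit name `example-daemon.service` and the ExecStart path are hypothetical.

```ini
# /etc/systemd/system/example-daemon.service
# Added example; unit name and binary path are hypothetical.
[Unit]
Description=Example network-facing daemon with a private /tmp

[Service]
ExecStart=/usr/sbin/example-daemon
# Run the service in its own mount namespace with a fresh, empty /tmp
# and /var/tmp. Nothing the service writes there appears in the host's
# /tmp, and nothing a local user pre-creates in the host's /tmp appears
# in the service's view, so a look-alike directory planted by a local
# attacker never reaches the service. Leaving this line out keeps the
# shared, world-writable /tmp that the thread is worried about.
PrivateTmp=yes

[Install]
WantedBy=multi-user.target
```

After `systemctl daemon-reload` and a restart, the service's /tmp is separate from the one an admin sees in a login shell; to confirm the isolation without writing a unit file at all, `systemd-run -p PrivateTmp=yes ls -la /tmp` runs a transient unit whose listing shows an empty directory, whatever the host /tmp contains. The per-service default discussed above is what makes this practical: a private /tmp per login user would break every workflow that relies on two users sharing a file via /tmp, which is the "sharing" reason Stijn refers to.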