On 22 October 2011 15:39, Michal Zalewski <lcam...@coredump.cx> wrote: >> In any case, the *right* answer isn't to play whack-a-mole fixing /tmp races, >> what you should be doing is using pam_namespace or similar so each user gets >> their own /tmp namespace. > > That would result in counterintuitive behavior, I suppose... /tmp is a > fairly stupid and largely unnecessary artifact of the old. > > If you are in charge of a distro, it would not hurt to nuke it > altogether and change all packages in your control to use per-user > $TMPDIR. Some third-party stuff will break - but it breaks every now > and then anyway.
Actually in Ubuntu YAMA(Yama Linux Security Module)[0] should block /tmp symlink attacks. According to [1] "In Ubuntu 10.10 and later, symlinks in world-writable sticky directories (e.g. /tmp) cannot be followed if the follower and directory owner do not match the symlink owner. The behavior is controllable through the /proc/sys/kernel/yama/protected_sticky_symlinks sysctl, available via Yama. " [0] http://zinc.canonical.com/git?p=kees/linux-2.6.git;a=shortlog;h=refs/heads/yama [1] https://wiki.ubuntu.com/Security/Features _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
