Re: per-user temp directories by default?

2005-11-07 Thread Brian M. Carlson
On Saturday 05 November 2005 11:27 pm, Brian May wrote: > Can't we just pick one standard name for the environment variable and > stick to it? If we do that, I'd request that it be $TMPDIR, as that's what SUSv3 has standardized. -- Brian M. Carlson <[EMAIL PROTECTED]> Running on GNU/kFreeBSD; i

Re: per-user temp directories by default?

2005-11-07 Thread Klaus Ethgen
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Fri, 4 Nov 2005 at 13:36, Jon Dowland wrote: > ...alongside the private keys in ~/.gnupg? Well, you can configure gnupg to write secret keys to a secure medium. On Fri, 4 Nov 2005 at 15:46, Noah Meyerhans wrote: > First of all, libpam_tm

Re: per-user temp directories by default?

2005-11-07 Thread Greg Norris
On Fri, Nov 04, 2005 at 02:08:41PM +0200, Lars Wirzenius wrote: > I don't think the suggestion was to make TMP=~/tmp, but TMP=/tmp/$USER, > where /tmp/$USER is owned by the user in question and is inaccessible to > others. Or perhaps I read too much into the proposal? That's pretty close... curren

Re: per-user temp directories by default?

2005-11-07 Thread Greg Norris
On Thu, Nov 03, 2005 at 11:16:43PM -0500, Noah Meyerhans wrote: > I have little operational experience with this PAM module, though. Does > it cause problems for certain apps? If so, could these problems be > solved with a less simplistic PAM configuration? The only one I've encountered so far i

Re: per-user temp directories by default?

2005-11-05 Thread Brian May
>>>>> "Noah" == Noah Meyerhans <[EMAIL PROTECTED]> writes: Noah> Within the security team, there has recently been some talk Noah> of pushing for per-user temp directories by default in etch. Noah> I'd like to see what people's react

Re: per-user temp directories by default?

2005-11-04 Thread Manoj Srivastava
On Thu, 3 Nov 2005 23:16:43 -0500, Noah Meyerhans <[EMAIL PROTECTED]> said: > Within the security team, there has recently been some talk of > pushing for per-user temp directories by default in etch. I'd like > to see what people's reaction to such a proposal woul

Re: per-user temp directories by default?

2005-11-04 Thread Steve Langasek
On Fri, Nov 04, 2005 at 06:21:09PM +0100, Javier Fernández-Sanguino Peña wrote: > A final point for consideration: libpam_tmpdir is not going to drive symlink > attacks through temporary files away. There are packages that use temporary > directories but are _not_ tmp. Some examples: the system's

Re: per-user temp directories by default?

2005-11-04 Thread Hubert Chan
On Fri, 4 Nov 2005 01:42:08 -0500, Joey Hess <[EMAIL PROTECTED]> said: > One problem I have experienced is that if I manually start cups via > its init script, as root, the cups daemon ends up running as a less > privileged user that cannot write to /root/tmp, and the failure mode is > quite horrib

Re: per-user temp directories by default?

2005-11-04 Thread Javier Fernández-Sanguino Peña
On Fri, Nov 04, 2005 at 09:51:19AM -0500, Noah Meyerhans wrote: > > Where was that talk done? I've been the one auditing that and there have > > been > > DSAs for most of the bugs I've reported to the audit team. Granted, they are > > not being issued immediately (I usually provide the report and

Re: per-user temp directories by default?

2005-11-04 Thread Adam Borowski
On Fri, 4 Nov 2005, Lars Wirzenius wrote: I don't think the suggestion was to make TMP=~/tmp, but TMP=/tmp/$USER, where /tmp/$USER is owned by the user in question and is inaccessible to others. It would be a lot better to use TMP=/tmp/users/$USER, as user names are pretty likely to clash with

Re: per-user temp directories by default?

2005-11-04 Thread Christoph Berg
Re: Noah Meyerhans in <[EMAIL PROTECTED]> > Sorry for not being more clear. The default (only?) behavior of > libpam_tmpdir is to set $TMP and $TMPDIR to /tmp/user/$UID. The only difficult point I can see is that (the same) $TMPDIR should also be available in chroots. I bind-mount /tmp in my chro

Re: per-user temp directories by default?

2005-11-04 Thread Noah Meyerhans
On Fri, Nov 04, 2005 at 08:12:39AM +0100, Javier Fernández-Sanguino Peña wrote: > > There are a number of outstanding "insecure tempfile vulnerabilities", > > and there has been some talk that they're both too numerous and of low > > enough impact that they're not even worth releasing DSAs for. Ne

Re: per-user temp directories by default?

2005-11-04 Thread Noah Meyerhans
On Fri, Nov 04, 2005 at 01:00:48PM +0100, Klaus Ethgen wrote: > That would be no good idea for security environment where you do > special thing to secure /tmp (make it in memory and encrypt swap). With > tempdir in users home all applications like for example gpg write > temporary files to this l

Re: per-user temp directories by default?

2005-11-04 Thread Noah Meyerhans
On Fri, Nov 04, 2005 at 01:16:31PM +0100, Frank Küster wrote: > What do the security people mean with per-user temp directories? It's > clear that $HOME/tmp would be bad, but /tmp/$USERNAME/ with proper > permissions doesn't sound so awkward. Sorry for not being more clear. The default (only?) b

Re: per-user temp directories by default?

2005-11-04 Thread Jon Dowland
On Fri, Nov 04, 2005 at 01:00:48PM +0100, Klaus Ethgen wrote: > With tempdir in users home all applications like for example gpg write > temporary files to this location which ends up unencrypted on a disk ...alongside the private keys in ~/.gnupg? -- Jon Dowland http://jon.dowland.name/ -- T

Re: per-user temp directories by default?

2005-11-04 Thread Frank Küster
Klaus Ethgen <[EMAIL PROTECTED]> wrote: > On Fri, 4 Nov 2005 at 5:16, Noah Meyerhans wrote: >> Within the security team, there has recently been some talk of pushing >> for per-user temp directories by default in etch. I'd like to see what > > That who

Re: per-user temp directories by default?

2005-11-04 Thread Lars Wirzenius
On Fri, 2005-11-04 at 13:00 +0100, Klaus Ethgen wrote: > On Fri, 4 Nov 2005 at 5:16, Noah Meyerhans wrote: > > Within the security team, there has recently been some talk of pushing > > for per-user temp directories by default in etch. I'd like to see what > >

Re: per-user temp directories by default?

2005-11-04 Thread Klaus Ethgen
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Fri, 4 Nov 2005 at 5:16, Noah Meyerhans wrote: > Within the security team, there has recently been some talk of pushing > for per-user temp directories by default in etch. I'd like to see what That would be no good idea f

Re: per-user temp directories by default?

2005-11-04 Thread sean finney
hi, On Thu, Nov 03, 2005 at 11:16:43PM -0500, Noah Meyerhans wrote: > Within the security team, there has recently been some talk of pushing > for per-user temp directories by default in etch. I'd like to see what > people's reaction to such a proposal would be. granted th

Re: per-user temp directories by default?

2005-11-04 Thread Blars Blarson
In article <[EMAIL PROTECTED]> [EMAIL PROTECTED] writes: >> session optional pam_tmpdir.so >Another potential problem is if I run a suid (non-root) program that >attempts to create a file in $TMP. But it's suid, so it doesn't run >under my uid, and doesn't have permissions to write to $TMP. But I

Re: per-user temp directories by default?

2005-11-03 Thread Javier Fernández-Sanguino Peña
On Thu, Nov 03, 2005 at 11:16:43PM -0500, Noah Meyerhans wrote: > There are a number of outstanding "insecure tempfile vulnerabilities", > and there has been some talk that they're both too numerous and of low > enough impact that they're not even worth releasing DSAs for. Never the Where was tha

Re: per-user temp directories by default?

2005-11-03 Thread Joey Hess
Hubert Chan wrote: > Another potential problem is if I run a suid (non-root) program that > attempts to create a file in $TMP. But it's suid, so it doesn't run > under my uid, and doesn't have permissions to write to $TMP. But I've > never run across that -- suid programs are pretty uncommon. I

Re: per-user temp directories by default?

2005-11-03 Thread Hubert Chan
On Thu, 3 Nov 2005 23:16:43 -0500, Noah Meyerhans <[EMAIL PROTECTED]> said: [...] > session optional pam_tmpdir.so > I have little operational experience with this PAM module, though. > Does it cause problems for certain apps? If so, could these problems > be solved with a less simplistic PAM c

per-user temp directories by default?

2005-11-03 Thread Noah Meyerhans
Within the security team, there has recently been some talk of pushing for per-user temp directories by default in etch. I'd like to see what people's reaction to such a proposal would be. There are a number of outstanding "insecure tempfile vulnerabilities", and there has