Date: Thu, 20 Jan 2000 14:08:22 -0500 (EST)
From: Andriss <andriss@andriss.com>
To: cjclark@home.com
Cc: questions@FreeBSD.ORG
Subject: Re: suggestion to prevent /tmp races
Message-ID: <Pine.BSF.4.21.0001201359270.93530-100000@netmint.com>
In-Reply-To: <20000120134541.B72914@cc942873-a.ewndsr1.nj.home.com>
-----BEGIN PGP SIGNED MESSAGE-----

> This does not solve the race condition. It just gives the victim more
> of a head start. The attacker needs to now make guesses at the file
> name created. For many programs it is fixed (e.g. <string>.<pid>) so
> he might not even need to guess. For others it is typically
> <string>_XXXX where 'XXXX' is "random" characters. An attacker can
> make a lot of guesses and cover most or all of the namespace.

Yes, but there is a large number of pids, and if a user cannot list processes of other users, it would be blind guessing. If a system is configured to disallow ps -a and other ps combinations (for a user, a terminal, etc.) and /proc is mounted with different permissions, and a few other modifications are made, the number of guesses required to make the right one would be so large that system accounting would catch that process. If you have a limit on CPU consumption by users, such a brute-force resource hog would be killed off by resource limiting... Anyway, the point is: the system can be configured so that guessing the filename is a difficult task.

> A better method is for a user to make a 700 permission directory in
> /tmp, although there are still some details to making even that
> secure.

I agree, that would be more secure. The downside is that it would take forever to patch all programs that use /tmp to use /tmp/username instead and create (and permission) that directory properly. It is a good idea though... Maybe a directory in /tmp should be created along with the directory in /home and permissioned properly by the adduser script?
Andriss

- --
______________________________________________________________
Andrey Kholodenko <andriss@andriss.com>    http://www.andriss.com
Download My Public PGP Key From http://www.andriss.com/pgp.txt
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3a
Charset: noconv

iQCVAwUBOIddKiQe9jf/ODl9AQHwUwQAr/hS/TGcCjT1g144/5eBhZIiiOmf3iHj
aYa/mqu372f85urdkAQK/5A36GF4ZCZMfs/Xp9Vy2bobzk/9/p9uHtaeRLIzgevB
VOWzyiTrjs4WFw/zkctlPNyCFeXJyl3t450/d+iZO4cE3rY1IXXcKK8LIzBSHoSF
4JPWLNUeWaQ=
=h77Z
-----END PGP SIGNATURE-----
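The per-user private directory discussed in this message (a 0700 directory under /tmp, created for each account the way adduser creates the home directory), as an added example that is not part of the thread and not FreeBSD's adduser code. It is a POSIX shell script of my own; the function names and the BASE/USERNAME layout are assumptions, and the demonstration at the end uses a throwaway base directory created with mktemp -d in place of the real /tmp. The point it adds to the discussion is the "details to making even that secure" the quoted reply alludes to: since the base directory is world-writable, a program must check that the name it expects is a real directory (not a symlink), owned by the caller, with mode exactly 0700, before using it, and should still create files inside it with mktemp (exclusive create, mode 0600) rather than a predictable name.

```shell
#!/bin/sh
# Added example (not from the thread): per-user private scratch directory
# as proposed in the message, plus the checks a program should make before
# trusting it. Function names and the BASE/USERNAME layout are assumptions.

# check_private_tmp DIR
# Succeed only if DIR is a real directory (not a symlink), owned by the
# calling user, with mode exactly 0700. In a world-writable base such as
# /tmp, anything else may have been placed there by another user.
check_private_tmp() {
    [ ! -L "$1" ] || return 1          # symlink: reject, never follow it
    [ -d "$1" ] || return 1            # must be a directory
    # ls -ldn prints the mode string and the numeric owner (field 3);
    # compare against the exact "drwx------" mode and the caller's uid.
    cpt_line=$(ls -ldn "$1") || return 1
    [ "$(printf '%s\n' "$cpt_line" | cut -c1-10)" = "drwx------" ] || return 1
    [ "$(printf '%s\n' "$cpt_line" | awk '{print $3}')" = "$(id -u)" ] || return 1
}

# make_private_tmp BASE USER
# Create BASE/USER with mode 0700 in one step (mkdir -m), so there is no
# window in which the directory is world-accessible. If the name already
# exists, mkdir fails and check_private_tmp decides whether what is there
# is acceptable; a pre-existing symlink, plain file or loose-mode directory
# is not. Prints the directory path on success.
make_private_tmp() {
    mpt_dir="$1/$2"
    mkdir -m 0700 "$mpt_dir" 2>/dev/null || true
    check_private_tmp "$mpt_dir" || return 1
    printf '%s\n' "$mpt_dir"
}

# new_scratch_file DIR
# Create a scratch file inside the private directory. mktemp creates the
# file exclusively (O_EXCL) with mode 0600, so even a name known in advance
# cannot be pre-created or opened by someone else. Prints the file path.
new_scratch_file() {
    check_private_tmp "$1" || return 1
    mktemp "$1/scratch.XXXXXX"
}

# Stand-alone demonstration in a throwaway base directory standing in for /tmp.
demo() {
    d_base=$(mktemp -d "${TMPDIR:-/tmp}/tmpbase.XXXXXX") || return 1
    d_user=$(id -un 2>/dev/null || id -u)
    d_dir=$(make_private_tmp "$d_base" "$d_user") || return 1
    d_file=$(new_scratch_file "$d_dir") || return 1
    ls -ld "$d_dir" "$d_file"
    rm -rf "$d_base"
}
demo
```

Running the script prints the private directory (drwx------) and the scratch file (-rw-------) it created, then removes the throwaway base. Note that make_private_tmp deliberately refuses to "repair" an existing directory with the wrong mode or owner: in a shared /tmp the safe response to something unexpected at that path is to fail, not to chmod it.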