From: "Crist J. Clark"
Date: Thu, 20 Jan 2000 14:29:17 -0500
To: Andriss
Cc: cjclark@home.com, questions@FreeBSD.ORG
Subject: Re: suggestion to prevent /tmp races
Message-ID: <20000120142917.D72914@cc942873-a.ewndsr1.nj.home.com>
References: <20000120134541.B72914@cc942873-a.ewndsr1.nj.home.com>

On Thu, Jan 20, 2000 at 02:08:22PM -0500, Andriss wrote:
[snip]
> >A better method is for a user to make a 700 permission directory in
> >/tmp, although there are still some details to making even that
> >secure.
>
> I agree, that would be more secure. The downside is that it would take
> forever to patch all programs that use /tmp to use /tmp/username
> instead and create (and permission) that directory properly. It is
> a good idea though... Maybe a directory in /tmp should be created
> along with the directory in /home and permissioned properly
> by the adduser script?

The best way to go is for programs to call functions like
tmpfile(3). Then security upgrades can just be done to the library
functions. tmpfile(3) would take care of creating or using an existing
secure temp dir on its own.

And BTW, my .login creates a 600 directory in /var/tmp and then sets
TMPDIR to that directory. This helps for the many programs that use
TMPDIR.
-- 
Crist J. Clark                           cjclark@home.com
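
The per-login private TMPDIR discussed in this message, as an added example that is not part of the original message and not the poster's own .login: a POSIX sh function (the .login mentioned above is csh) that handles the case where the directory name already exists, possibly planted by another user. The function name `private_tmpdir`, the directory name `tmp-<uid>`, mode 700 and the `mktemp -d` fallback are assumptions made for illustration.

```shell
# Added example (not from the original message).
# Prints the path of a private temp directory under $1 (default /var/tmp).
# Intended use in ~/.profile:
#   TMPDIR=$(private_tmpdir /var/tmp) && export TMPDIR
private_tmpdir() {
    base=${1:-/var/tmp}
    uid=$(id -u) || return 1
    dir=$base/tmp-$uid          # assumed naming scheme

    # mkdir without -p is atomic: it fails if the name already exists,
    # even as a (dangling) symlink, so we never adopt someone else's entry.
    # -m 700 sets the mode at creation time, independent of umask.
    if mkdir -m 700 "$dir" 2>/dev/null; then
        printf '%s\n' "$dir"
        return 0
    fi

    # The name exists. Reuse it only if it is a real directory (ls -ld does
    # not follow symlinks), owned by us (-n prints numeric uid), and closed
    # to group and other.
    info=$(ls -ldn "$dir" 2>/dev/null) || info=
    read -r mode links owner rest <<EOF
$info
EOF
    case $mode in
        drwx------*)
            if [ "$owner" = "$uid" ]; then
                printf '%s\n' "$dir"
                return 0
            fi
            ;;
    esac

    # Anything else (symlink, wrong owner, loose mode): do not touch it.
    # Fall back to an unpredictable name; mktemp -d creates it with mode 700.
    mktemp -d "$base/tmp-$uid.XXXXXXXXXX"
}
```

The reuse check relies on the base directory having the sticky bit set, as /tmp and /var/tmp normally do, so other users cannot rename or replace a directory once it belongs to you.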