Date: Sun, 19 May 2013 07:06:46 +0100 From: Matthew Seaman <matthew@FreeBSD.org> To: Erich Dollansky <erich@alogt.com> Cc: Bob Eager <rde@tavi.co.uk>, sindrome <sindrome@gmail.com>, freebsd-ports@freebsd.org Subject: Re: Why does Samba requires 777 permissions on /tmp Message-ID: <51986BF6.4000705@FreeBSD.org> In-Reply-To: <20130519095614.4bcf7f64@X220.ovitrap.com> References: <CAFzAeSdgRotc34%2BeyfVHZBA-QGUCWJ1MZDYw1ysRxEV9MhG2BQ@mail.gmail.com> <20130519004659.3d415b88@raksha.tavi.co.uk> <CAFzAeSdoJEno2638-Lr4MMuxk9CmorPn6uCGbGs34Y1myw-W-A@mail.gmail.com> <20130519095614.4bcf7f64@X220.ovitrap.com>
next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) ------enig2IENERKVLAPFPRHOSVWWB Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable On 19/05/2013 03:56, Erich Dollansky wrote: > Your problem must be caused by something else. At least, I cannot > remember to ever have seen /tmp with a different setting than 0777. I hope you mean 1777 (drwxrwxrwt) there. That sticky bit is important. Without it there are a number of nasty attack possibilities involving things like using a race condition and craftily modifying a sym-link to trick root into overwriting an important file. Cheers, Matthew --=20 Dr Matthew J Seaman MA, D.Phil. PGP: http://www.infracaninophile.co.uk/pgpkey ------enig2IENERKVLAPFPRHOSVWWB Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.16 (Darwin) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlGYa/8ACgkQ8Mjk52CukIxt5gCgkCwmq87lKzzvUgzILKjrNcAX FPYAn1nA0X8PBFFewwVDcwWruMsmGYTR =yAwp -----END PGP SIGNATURE----- ------enig2IENERKVLAPFPRHOSVWWB--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?51986BF6.4000705>