From: Matthew Seaman
Date: Sun, 19 May 2013 07:06:46 +0100
To: Erich Dollansky
Cc: Bob Eager, sindrome, freebsd-ports@freebsd.org
Subject: Re: Why does Samba requires 777 permissions on /tmp
Message-ID: <51986BF6.4000705@FreeBSD.org>
In-Reply-To: <20130519095614.4bcf7f64@X220.ovitrap.com>
References: <20130519004659.3d415b88@raksha.tavi.co.uk> <20130519095614.4bcf7f64@X220.ovitrap.com>

On 19/05/2013 03:56, Erich Dollansky wrote:
> Your problem must be caused by something else. At least, I cannot
> remember to ever have seen /tmp with a different setting than 0777.

I hope you mean 1777 (drwxrwxrwt) there. That sticky bit is important.
Without it there are a number of nasty attack possibilities involving
things like using a race condition and craftily modifying a sym-link to
trick root into overwriting an important file.

	Cheers,

	Matthew

--
Dr Matthew J Seaman MA, D.Phil.
PGP: http://www.infracaninophile.co.uk/pgpkey
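
The distinction between 0777 and 1777 raised in the message above can be checked mechanically. The script below is an added example, not part of the original message: it lists world-writable directories that lack the sticky bit and tests whether a directory is exactly mode 1777. The function names are hypothetical, and it assumes a find(1) that supports -xdev (FreeBSD and GNU find both do).

```shell
#!/bin/sh
# Added example: audit world-writable directories for a missing sticky bit.
# Usage (stand-alone): sh audit_sticky.sh /tmp /var/tmp

# missing_sticky ROOT...
# Print every directory at or below the given roots (without crossing into
# other file systems) that is writable by "other" (0002) but does not have
# the sticky bit (1000) set.
missing_sticky() {
    find "$@" -xdev -type d -perm -0002 ! -perm -1000 -print 2>/dev/null
}

# check_tmp_mode DIR
# Return 0 only if DIR has exactly mode 1777 (drwxrwxrwt).
# Return 2 if DIR is not a real directory (a symlink is rejected too).
check_tmp_mode() {
    if [ ! -d "$1" ] || [ -L "$1" ]; then
        return 2
    fi
    # -prune stops find from descending, so only DIR itself is tested;
    # "-perm 1777" without a leading dash is an exact match.
    [ -n "$(find "$1" -prune -perm 1777 -print 2>/dev/null)" ]
}

# audit_sticky ROOT...
# Report offending directories, one per line; return 1 if any were found.
audit_sticky() {
    # Unreadable subtrees make find exit non-zero; they are skipped here.
    bad=$(missing_sticky "$@") || :
    if [ -z "$bad" ]; then
        return 0
    fi
    printf '%s\n' "$bad" | sed 's/^/world-writable, no sticky bit: /'
    return 1
}

# Run the audit only when directories are given on the command line.
[ "$#" -eq 0 ] || audit_sticky "$@"
```

A directory reported by the audit is repaired with `chmod 1777` (or `chmod +t`) once it is confirmed that it is meant to be shared.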