On Mon, 07.11.11 21:53, Gregory Maxwell (gmaxwell(a)gmail.com) wrote:
> On Mon, Nov 7, 2011 at 8:48 PM, Lennart Poettering
> <mzerqung(a)0pointer.de> wrote:
> > If run on the main namespace all they see is that the files are in some
> > randomized subdir of /tmp, instead of /tmp itself.
>
> Is the randomization required? If they were named after the
> user/service that created them (perhaps with some randomization too),
> e.g. /tmp/mount.fooservice.$random would be much more discoverable
> and maintainable than /tmp/$random. Systemctl show is good and needed
> for automation, but my brain stores more sysadmin trivia than I like
> already.

Well, that way attackers might still be able to fool the admin: i.e. he
could create a directory with a service name and some randomized suffix
and the admin might blindly believe that this directory belongs to the
service, even if it doesn't, but belongs to the evil attacker. Using a
fully randomized name is a bit more secure here, since the admin always
needs to check the service first for the actual directory.
Lennart
--
Lennart Poettering - Red Hat, Inc.
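
An added example, not part of the original thread or of systemd's code: a sketch of the check the reply argues for, where a directory in /tmp is accepted only if it matches the path the service manager reports, never because its name matches. The `mount.<service>.<suffix>` naming is the scheme proposed in the thread; the function names, the sample directory names, and the idea that the authoritative path is fetched out of band from the service manager are assumptions.

```python
import os
import stat
import tempfile


def classify_tmp_dirs(tmp_root, service, authoritative_path, expected_uid):
    """Sort entries named mount.<service>.* into trusted and lookalike.

    authoritative_path is what the service manager reports for the service
    (assumed to be obtained out of band). The name alone is never trusted.
    """
    prefix = f"mount.{service}."
    result = {"trusted": [], "lookalike": []}
    for name in sorted(os.listdir(tmp_root)):
        if not name.startswith(prefix):
            continue
        path = os.path.join(tmp_root, name)
        st = os.lstat(path)  # lstat: do not follow a symlink planted in /tmp
        ok = (
            path == authoritative_path          # matches the manager's record
            and stat.S_ISDIR(st.st_mode)        # a real directory, not a link
            and st.st_uid == expected_uid       # owned by the expected account
            and not (st.st_mode & stat.S_IWOTH) # not world-writable
        )
        result["trusted" if ok else "lookalike"].append(name)
    return result


def demo(expected_uid=None):
    """Build a constructed sample layout in a scratch dir standing in for /tmp."""
    uid = os.getuid() if expected_uid is None else expected_uid
    root = tempfile.mkdtemp()
    real = os.path.join(root, "mount.fooservice.k3J9xQ")
    os.mkdir(real, 0o700)
    # Same service prefix, but not the directory the manager reports.
    os.mkdir(os.path.join(root, "mount.fooservice.Zz81pA"), 0o700)
    # A symlink carrying the service prefix.
    os.symlink(real, os.path.join(root, "mount.fooservice.link"))
    # Belongs to another service, so it is outside the scan.
    os.mkdir(os.path.join(root, "mount.barservice.aaaaaa"), 0o700)
    return classify_tmp_dirs(root, "fooservice", real, uid)


if __name__ == "__main__":
    print(demo())
```

Three entries carry the service's name here, and only the one that equals the recorded path and passes the ownership checks is treated as the service's directory.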