rawhide report: 20101019 changes

Richard W.M. Jones rjones at redhat.com
Wed Oct 20 11:52:33 UTC 2010


On Tue, Oct 19, 2010 at 04:50:43PM -0400, seth vidal wrote:
> On Tue, 2010-10-19 at 15:40 -0500, Chris Adams wrote:
> > Once upon a time, James Antill <james at fedoraproject.org> said:
> > >  Putting my really old sysadmin hat on, one other reason for
> > > having /tmp, /var and /usr as separate mount points was so that you
> > > could allocate different disk space to each (and they couldn't break
> > > each other) ... do we have other solutions for that?
> > 
> > On a multi-user server (and that includes web access like PHP or CGI),
> > you really don't want user-writable directories on a filesystem with
> > anything important, especially security-sensitive things like setuid
> > binaries.  Hard-link tricks are evil.  I run with a separate /tmp
> > (usually tmpfs now) and bind mount it to /var/tmp as well.
> 
> Not to get too far off into the weeds but Polyinstantiated tmpdirs
> (pam_namespace) are a good idea here. Everyone gets their own /tmp
> and /var/tmp and no one else can see them.

+1 ...  we should have had this a long time ago.

Rich.

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
New in Fedora 11: Fedora Windows cross-compiler. Compile Windows
programs, test, and build Windows installers. Over 70 libraries supprt'd
http://fedoraproject.org/wiki/MinGW http://www.annexia.org/fedora_mingw
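An added audit script for the two mitigations the thread settles on, a separate nosuid,nodev /tmp bind-mounted to /var/tmp and pam_namespace polyinstantiation of both directories; it is written for this page, not taken from the thread or from Fedora. It runs on constructed samples of /proc/mounts and /etc/security/namespace.conf (the field layout follows pam_namespace(8)), and the same functions can be pointed at the real files on a host.

```shell
# Added example (not from the thread): check that /tmp and /var/tmp are
# their own nosuid,nodev mount points and that pam_namespace polyinstantiates
# them.  Inputs are files so the checks also work on /proc/mounts and
# /etc/security/namespace.conf of a real host.

# tmp_mount_ok MOUNTS_FILE DIR: succeed if DIR is its own mount point carrying
# both nosuid and nodev (keeps user-writable space off the filesystem that
# holds setuid binaries, the hard-link concern raised in the thread).
tmp_mount_ok() {
    awk -v dir="$2" '
        $2 == dir {
            found = 1; su = 0; dv = 0
            n = split($4, o, ",")
            for (i = 1; i <= n; i++) {
                if (o[i] == "nosuid") su = 1
                if (o[i] == "nodev") dv = 1
            }
            if (su && dv) ok = 1
        }
        END { exit !(found && ok) }
    ' "$1"
}

# polyinstantiated NAMESPACE_CONF DIR: succeed if namespace.conf has an
# active (uncommented) entry whose polydir field is DIR.
polyinstantiated() {
    awk -v dir="$2" '
        $1 !~ /^#/ && $1 == dir { found = 1 }
        END { exit !found }
    ' "$1"
}

# Constructed /proc/mounts sample: /tmp is tmpfs with nosuid,nodev, /var/tmp
# is the bind mount of it (same options), /home was mounted without nosuid.
MOUNTS=$(mktemp)
cat > "$MOUNTS" <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,relatime 0 0
tmpfs /var/tmp tmpfs rw,nosuid,nodev,relatime 0 0
/dev/sda2 /home ext4 rw,relatime 0 0
EOF

# Constructed namespace.conf sample (polydir, instance prefix, method,
# exempt users, as in pam_namespace(8)); /var/tmp is still commented out,
# so the check below flags it as not yet polyinstantiated.
NSCONF=$(mktemp)
cat > "$NSCONF" <<'EOF'
# polydir   instance_prefix       method  list_of_uids
/tmp        /tmp-inst/            level   root,adm
#/var/tmp   /var/tmp/tmp-inst/    level   root,adm
EOF
```

On a live system, call `tmp_mount_ok /proc/mounts /var/tmp` and `polyinstantiated /etc/security/namespace.conf /var/tmp`; a non-zero exit from either is the finding to act on.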

