Proposing Fedora Feature for private /tmp and /var/tmp for all systemd services in Fedora 17.

Kurt Seifried kurt at seifried.org
Mon Nov 7 20:40:22 UTC 2011


Sounds good to me.

On Mon, Nov 7, 2011 at 12:50 PM, Daniel J Walsh <dwalsh at redhat.com> wrote:
> It seems to be a weekly occurrence of a new CVE for some app that uses
> /tmp insecurely.
>
> I have been on a crusade for years to stop privileged services from
> using /tmp and /var/tmp.  These services can potentially be
> interfered with by unprivileged users, potentially leading to process
> escalation.  The only server applications that need to use /tmp
> should be those communicating with users, for example the X server, and
> potentially apps that use Kerberos, for example sssd and nfs.gssd.
> (Although maybe at some point we need to fix this.)  Most apps that
> rely on using /tmp to communicate with the user can be easily broken
> by users having an individual /tmp via pam_namespace.
>
> systemd as of Fedora 16 has the ability to run system services with
> private /tmp and /var/tmp.  I would like to propose that we make this
> the default in Fedora 17, or at least open a bugzilla on all system
> services that we know of that use /tmp and /var/tmp to make them use
> private /tmp and /var/tmp.
>
> --
> devel mailing list
> devel at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/devel



-- 
Kurt Seifried
kurt at seifried.org
skype: (206) 905-9462
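The proposal quoted above relies on systemd's PrivateTmp= unit setting. As an added example (not code from this thread, from Fedora, or from systemd itself), here is a POSIX shell script that audits unit files for PrivateTmp=yes in their [Service] section and writes a drop-in override for the ones that lack it. The function names, the sample unit contents and the directory layout are constructed for illustration; on a real host the drop-in directory would be /etc/systemd/system.

```shell
#!/bin/sh
# Added example (not from the Fedora thread or Fedora's own tooling):
# audit systemd unit files for PrivateTmp=yes and generate a drop-in
# override for the ones that do not set it.

# has_private_tmp FILE
# Returns 0 if the [Service] section of FILE sets PrivateTmp to a true
# value (yes/true/on/1), 1 otherwise.  Only keys inside [Service] count,
# and the last assignment wins, matching how systemd reads unit files.
has_private_tmp() {
    awk '
        /^\[/ { in_service = ($0 == "[Service]"); next }
        in_service && /^[[:space:]]*PrivateTmp[[:space:]]*=/ {
            split($0, kv, "=")
            v = kv[2]
            gsub(/^[[:space:]]+|[[:space:]]+$/, "", v)
            val = v
        }
        END {
            ok = (val == "yes" || val == "true" || val == "on" || val == "1")
            exit ok ? 0 : 1
        }
    ' "$1"
}

# write_private_tmp_dropin UNIT DESTDIR
# Writes DESTDIR/UNIT.d/private-tmp.conf enabling PrivateTmp and prints
# its path.  DESTDIR is /etc/systemd/system on a real host; the demo
# below uses a temporary directory instead.
write_private_tmp_dropin() {
    dropin_dir="$2/$1.d"
    mkdir -p "$dropin_dir"
    printf '[Service]\nPrivateTmp=yes\n' > "$dropin_dir/private-tmp.conf"
    printf '%s\n' "$dropin_dir/private-tmp.conf"
}

# audit_units UNITDIR DESTDIR
# Checks every *.service in UNITDIR; for units without PrivateTmp it
# writes a drop-in under DESTDIR and prints one line per unit.
audit_units() {
    for unit in "$1"/*.service; do
        name=$(basename "$unit")
        if has_private_tmp "$unit"; then
            printf '%s: PrivateTmp already enabled\n' "$name"
        else
            printf '%s: PrivateTmp missing, wrote %s\n' "$name" \
                "$(write_private_tmp_dropin "$name" "$2")"
        fi
    done
}

# Demo on constructed sample units (contents invented for illustration).
demo=$(mktemp -d)
printf '[Unit]\nDescription=sample daemon with private /tmp\n\n[Service]\nExecStart=/usr/bin/true\nPrivateTmp=yes\n' \
    > "$demo/hardened.service"
printf '[Unit]\nDescription=sample daemon using the shared /tmp\n\n[Service]\nExecStart=/usr/bin/true\n' \
    > "$demo/legacy.service"
# PrivateTmp under [Unit] is not a [Service] setting and must not count.
printf '[Unit]\nPrivateTmp=yes\n\n[Service]\nExecStart=/usr/bin/true\n' \
    > "$demo/misplaced.service"
audit_units "$demo" "$demo/etc-systemd-system"
rm -rf "$demo"
```

After placing a drop-in under /etc/systemd/system/NAME.service.d/, run `systemctl daemon-reload` and confirm the effective value with `systemctl show -p PrivateTmp NAME.service`. PrivateTmp=yes gives the service a private /var/tmp as well as /tmp, which is why it covers both directories named in the proposal; it also means a service that uses /tmp to talk to user sessions (the X server case above) will stop working under it, so those units need the exclusion the proposal describes rather than the drop-in.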

