Proposing Fedora Feature for private /tmp and /var/tmp for all systemd services in Fedora 17.

Lennart Poettering mzerqung at 0pointer.de
Tue Nov 8 11:55:31 UTC 2011


On Mon, 07.11.11 21:53, Gregory Maxwell (gmaxwell at gmail.com) wrote:

> On Mon, Nov 7, 2011 at 8:48 PM, Lennart Poettering <mzerqung at 0pointer.de> wrote:
> > If run on the main namespace all they see is that the files are in some
> > randomized subdir of /tmp, instead of /tmp itself.
> 
> Is the randomization required? If they were named after the
> user/service that created them (perhaps with some randomization too,
> e.g. /tmp/mount.fooservice.$random) it would be much more discoverable
> and maintainable than /tmp/$random.  Systemctl show is good and needed
> for automation, but my brain stores more sysadmin trivia than I like
> already.

Well, that way attackers might still be able to fool the admin: i.e. he
could create a directory with a service name and some randomized suffix
and the admin might blindly believe that this directory belongs to the
service, even if it doesn't, but belongs to the evil attacker. Using a
fully randomized name is a bit more secure here, since the admin always
needs to check the service first for the actual directory.

Lennart

-- 
Lennart Poettering - Red Hat, Inc.
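As an added illustration of the point made above (this is not code from the thread or from systemd): a check that identifies a service's private /tmp by asking the kernel which directory the service actually sees, instead of trusting a directory name under the host /tmp. It assumes Linux with /proc mounted and that the service's main PID is already known, for example from `systemctl show -p MainPID`.

```python
import os
import stat
import tempfile


def service_private_tmp(pid: int) -> str:
    """Host-side path of whatever `pid` sees as /tmp.

    Assumption: Linux. /proc/<pid>/root is a magic link into that process's
    mount namespace, so for a service with a private /tmp this resolves to
    its private directory regardless of the randomized name it carries
    under the host /tmp.
    """
    return f"/proc/{pid}/root/tmp"


def is_service_tmp(pid: int, candidate: str) -> bool:
    """True only if `candidate` is the very directory `pid` sees as /tmp.

    The candidate's *name* is never consulted: an attacker-created
    /tmp/mount.fooservice.<random> has a different (st_dev, st_ino) pair and
    is rejected. lstat() is used on the candidate so a planted symlink that
    points at the genuine directory does not pass either.
    """
    try:
        real = os.stat(service_private_tmp(pid))
        cand = os.lstat(candidate)
    except OSError:
        return False
    if not stat.S_ISDIR(cand.st_mode):
        return False
    return (real.st_dev, real.st_ino) == (cand.st_dev, cand.st_ino)


if __name__ == "__main__":
    # Demo against this very process: its /tmp is the host /tmp, while a
    # look-alike directory (constructed here) is rejected despite its name.
    me = os.getpid()
    spoof = tempfile.mkdtemp(prefix="mount.fooservice.")
    print("/tmp  ->", is_service_tmp(me, "/tmp"))    # True on a normal host
    print(spoof, "->", is_service_tmp(me, spoof))    # False: name proves nothing
    os.rmdir(spoof)
```

On a real host the PID would come from the service manager, which is the same "check the service first" step the message describes; the name of the directory under /tmp is never treated as evidence.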