Proposing Fedora Feature for private /tmp and /var/tmp for all systemd services in Fedora 17.

Lennart Poettering mzerqung at
Tue Nov 8 12:33:00 UTC 2011

On Tue, 08.11.11 13:31, Stijn Hoop (stijn at wrote:

> > Well, that way attackers might still be able fool the admin: i.e. he
> > could create a directory with a service name and some randomized
> > suffix and the admin might blindly believe that this directory
> > belongs to the service, even if it doesn't, but belongs to the evil
> > attacker. Using a fully randomized name is a bit more secure here,
> > since the admin always needs to check the service first for the
> > actual directory.
> But isn't the point of having namespaced /tmp that no network-facing
> service is even able to create a directory in the main namespace?
> In other words, if the attacker is able to create a directory in the
> main namespace, you've already lost?

I was talking of a local attacker here, not a remote one.


Lennart Poettering - Red Hat, Inc.

More information about the devel mailing list