Proposing Fedora Feature for private /tmp and /var/tmp for all systemd services in Fedora 17.

Lennart Poettering mzerqung at 0pointer.de
Tue Nov 8 12:33:00 UTC 2011


On Tue, 08.11.11 13:31, Stijn Hoop (stijn at sandcat.nl) wrote:

> > Well, that way attackers might still be able to fool the admin: i.e. he
> > could create a directory with a service name and some randomized
> > suffix and the admin might blindly believe that this directory
> > belongs to the service, even if it doesn't, but belongs to the evil
> > attacker. Using a fully randomized name is a bit more secure here,
> > since the admin always needs to check the service first for the
> > actual directory.
> 
> But isn't the point of having namespaced /tmp that no network-facing
> service is even able to create a directory in the main namespace?
> In other words, if the attacker is able to create a directory in the
> main namespace, you've already lost?

I was talking of a local attacker here, not a remote one.

Lennart

-- 
Lennart Poettering - Red Hat, Inc.

