Proposing Fedora Feature for private /tmp and /var/tmp for all systemd services in Fedora 17.
Benny Amorsen
benny+usenet at amorsen.dk
Wed Nov 9 09:10:43 UTC 2011
Lennart Poettering <mzerqung at 0pointer.de> writes:
> Well, that way attackers might still be able fool the admin: i.e. he
> could create a directory with a service name and some randomized suffix
> and the admin might blindly believe that this directory belongs to the
> service, even if it doesn't, but belongs to the evil attacker. Using a
> fully randomized name is a bit more secure here, since the admin always
> needs to check the service first for the actual directory.
How about making a non-world-writable directory somewhere for this
purpose, with service-named directories beneath it?
That is yet another thing for sysadms to learn about of course, unless
it is placed in /tmp itself which creates some security problems
again...
/Benny
More information about the devel
mailing list