Hey, Over the last four years I have found and reported several vulnerabilities in various apps that have use /tmp insecurely. A great many of them were discovered by merely looking in /tmp once a week or so at some of the files left behind. By default you guys have tmpwatch turned on, and I think that in RawHide and test builds this should be disabled so these kinds of security bugs can be found easier before releases. Yes I know /tmp can get messy with legitimate files (though most of the files left in /tmp SHOULD NOT be there), however I think the benefits of disabling by default on testing environments will get a great many more eyes spotting general bugs with some program /tmp usage. For instance I installed Fedora Core Test 3 release last weekend. I turned off tmpwatch, and voila, without even trying I found 4 insecure file uses between 3 packages. I did nothing to find these except ls through my /tmp and then track down the offenders. I guess this is probably something that will be debated, or shot down immediately, but still I'm throwing it out there. Without tmpwatch people WILL notice more insecure /tmp usage, even if by only the broken usages (i.e. leaving the files behind). Any thoughts? -sb
--- Begin Message ---
- From: Stan Bubrouski <bubrouski s neu edu>
- To: Mark J Cox <mjc redhat com>
- Subject: Disabling /tmp watch in RawHide
- Date: Mon, 03 Nov 2003 13:59:16 -0500
Hey, Over the last four years I have found and reported several vulnerabilities in various apps that have use /tmp insecurely. A great many of them were discovered by merely looking in /tmp once a week or so at some of the files left behind. By default you guys have tmpwatch turned on, and I think that in RawHide and test builds this should be disabled so these kinds of security bugs can be found easier before releases. Yes I know /tmp can get messy with legitimate files (though most of the files left in /tmp SHOULD NOT be there), however I think the benefits of disabling by default on testing environments will get a great many more eyes spotting general bugs with some program /tmp usage. For instance I installed Fedora Core Test 3 release last weekend. I turned off tmpwatch, and voila, without even trying I found 4 insecure file uses between 3 packages. I did nothing to find these except ls through my /tmp and then track down the offenders. I guess this is probably something that will be debated, or shot down immediately, but still I'm throwing it out there. Without tmpwatch people WILL notice more insecure /tmp usage, even if by only the broken usages (i.e. leaving the files behind). Any thoughts? -sb
--- End Message ---
Attachment:
signature.asc
Description: This is a digitally signed message part