enhance security via private TMP/TMPDIR by default

Rodd Clarkson rodd at clarkson.id.au
Thu May 19 00:32:47 UTC 2005


On Wed, 2005-05-18 at 18:48 -0400, Bill Nottingham wrote:
> Colin Walters (walters at redhat.com) said: 
> > On Wed, 2005-05-18 at 20:15 +0200, Enrico Scholz wrote:
> > 
> > > This CLONE_NEWNS and (related) 'mount --bind' operations are not very
> > > well supported by the kernel:
> > > 
> > > * there does not exist a way to enter an already existing namespace; so,
> > >   e.g. two different ssh sessions would have different /tmp directories
> > 
> > Right, but that shouldn't be a problem since you can share data via your
> > home directory or a specially-designated scratch area, etc.
> 
> Well, there's agent sockets and the like in your tmp dir.

Not sure if this is related but....

With regard to tmp directories, I'd like to see two things as default:

1. Each user should have their own ~/tmp space which only they can
access.  This could be used for the user's agent sockets, but also just
for general files that they would put in /tmp.  This would give a better
level of privacy (for whatever reason, but maybe simply so they don't
have to think about the privacy implications of putting things in a
publicly accessible /tmp folder)

2. The system should have a general 'shared' folder that appears as a
folder in each user's home directory, but where any files placed there
can be accessed by anyone else.  This folder shouldn't delete files
after a period like /tmp does, and it shouldn't cause problems with
ownership (a security issue maybe).  My father, who worked at the Bureau
of Meteorology in Melbourne and who has used Unix as part of that, always
comments that one of the biggest issues he had was being able to simply
share files with others without having to contact a sysadmin just to get
a 'shared folder' set up.  My wife concurs with him, thinking it's mad
that she has to put important files in /tmp just to be able to share
them, and while I could do something about this, the reality is that
they would both like it to be done without having to ask anyone.  (It's
a small sample size, but I'm sure others have heard similar comments.
8-] )

Thoughts (and beratings ;-] )


R.

-- 
"It's a fine line between denial and faith.
 It's much better on my side"
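To make the two proposals above concrete, here is an added example that is not code from the original thread or from Fedora: a POSIX shell sketch of a private per-user tmp and a shared folder built from ordinary Unix permission bits. It assumes GNU coreutils (stat -c) and uses a constructed sandbox directory, BASE, in place of real home directories and a real /tmp.

```shell
#!/bin/sh
# Added example, not code from the original thread: the two defaults proposed
# above sketched with ordinary Unix permissions. BASE is a constructed sandbox
# standing in for real home directories and a real /tmp; assumes GNU coreutils
# (stat -c) and POSIX sh.
set -eu

BASE="${BASE:-$(mktemp -d)}"

# 1. Per-user private tmp: mode 0700 means only the owner can list, enter or
#    read it, so agent sockets and scratch files are not visible to others.
#    The snippet written to .tmpdir.sh would be sourced at login to point
#    programs at it instead of the world-readable /tmp.
make_private_tmp() {
    home="$1"
    mkdir -p "$home/tmp"
    chmod 0700 "$home/tmp"      # enforce even if the directory pre-existed
    printf 'export TMPDIR=%s\nexport TMP=%s\n' "$home/tmp" "$home/tmp" \
        > "$home/.tmpdir.sh"
    stat -c '%a' "$home/tmp"    # prints 700
}

# 2. Shared folder: setgid (2) so files dropped in inherit the folder's group
#    and stay readable to it, sticky (1) so users can delete only their own
#    files, rwxrwxr-x for the rest: octal 3775. Unlike /tmp nothing here is
#    expired by tmpwatch-style cleanup. In a real deployment chgrp it to a
#    group containing every user (omitted here: the sandbox has no such group).
make_shared_dir() {
    dir="$1"
    mkdir -p "$dir"
    chmod 3775 "$dir"
    stat -c '%a' "$dir"         # prints 3775
}

# Admin self-check: does a directory grant anything to group or other?
# Returns success only when the last two octal digits (group, other) are 00.
is_private() {
    mode=$(stat -c '%a' "$1")
    [ "${mode#${mode%??}}" = "00" ]
}

make_private_tmp "$BASE/home/alice" >/dev/null
make_shared_dir "$BASE/shared" >/dev/null
is_private "$BASE/home/alice/tmp" && echo "private tmp ok"
is_private "$BASE/shared" || echo "shared dir is (intentionally) not private"
```

Whether files dropped in the shared folder are actually readable by others also depends on each user's umask; a umask of 077 would defeat the group sharing the setgid bit is meant to provide.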




More information about the fedora-devel-list mailing list