enhance security via private TMP/TMPDIR by default

Colin Walters walters at redhat.com
Thu May 19 02:12:02 UTC 2005


On Wed, 2005-05-18 at 18:48 -0400, Bill Nottingham wrote:
> Colin Walters (walters at redhat.com) said: 
> > On Wed, 2005-05-18 at 20:15 +0200, Enrico Scholz wrote:
> > 
> > > This CLONE_NEWNS and (related) 'mount --bind' operations are not very
> > > well supported by the kernel:
> > > 
> > > * there does not exist a way to enter an already existing namespace; so,
> > >   e.g. two different ssh sessions would have different /tmp directories
> > 
> > Right, but that shouldn't be a problem since you can share data via your
> > home directory or a specially-designated scratch area, etc.
> 
> Well, there's agent sockets and the like in your tmp dir.

Sure.  But you weren't expecting to share an agent between separate ssh
logins, were you?  Defining a per-machine "session" gets terribly
hackish, as the Gentoo keychain program shows.  You get into this whole
mess of trying to get some way of communicating data between independent
logins, which gets a lot more difficult than "stuff it in ~/.foo" with
fun things like NFS /home in the mix.  /tmp is problematic since you
can't use well-known filenames.  You basically end up having to
trawl /tmp looking for an active socket or something, or try
~/.foo/$hostname/bar, and $hostname has its own problems...
