enhance security via private TMP/TMPDIR by default

Bill Nottingham notting at redhat.com
Wed May 18 22:48:34 UTC 2005


Colin Walters (walters at redhat.com) said: 
> On Wed, 2005-05-18 at 20:15 +0200, Enrico Scholz wrote:
> 
> > This CLONE_NEWNS and (related) 'mount --bind' operations are not very
> > well supported by the kernel:
> > 
> > * there does not exist a way to enter an already existing namespace; so,
> >   e.g. two different ssh sessions would have different /tmp directories
> 
> Right, but that shouldn't be a problem since you can share data via your
> home directory or a specially-designated scratch area, etc.

Well, there's agent sockets and the like in your tmp dir.

Bill
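The per-session /tmp that the thread is discussing, as an added C example (not code from the thread or from Fedora): a child process takes a new mount namespace via CLONE_NEWNS, bind-mounts a private directory over /tmp, and then checks whether a file the parent left in the shared /tmp (a constructed stand-in for the agent socket Bill mentions) is still visible. It assumes Linux with unprivileged user namespaces so it can run without root; the function names and paths are made up for the demo.

```c
#define _GNU_SOURCE
#include <sched.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/mount.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <unistd.h>

enum { PRIVTMP_HIDDEN = 0, PRIVTMP_VISIBLE = 1, PRIVTMP_UNSUPPORTED = 2, PRIVTMP_ERROR = 3 };
/* Child side, playing the "second ssh session": new mount namespace (inside a user
 * namespace so no root is needed), bind a private directory over /tmp, then check
 * whether the file the parent left in /tmp is still visible. */
static int child_private_tmp(const char *privdir, const char *marker)
{
    /* A sandbox or kernel may refuse unprivileged user namespaces; report that. */
    if (unshare(CLONE_NEWUSER | CLONE_NEWNS) != 0) return PRIVTMP_UNSUPPORTED;
    /* Keep the new mount from propagating back into the parent's namespace. */
    if (mount(NULL, "/", NULL, MS_REC | MS_PRIVATE, NULL) != 0) return PRIVTMP_UNSUPPORTED;
    if (mount(privdir, "/tmp", NULL, MS_BIND, NULL) != 0) return PRIVTMP_UNSUPPORTED;
    return access(marker, F_OK) == 0 ? PRIVTMP_VISIBLE : PRIVTMP_HIDDEN;
}

/* Parent, playing the first session: creates a file in the shared /tmp (constructed
 * stand-in for an agent socket), forks a child with a private /tmp and returns what
 * the child saw. PRIVTMP_HIDDEN is the isolation that breaks socket sharing. */
int demo_private_tmp(void)
{
    char privdir[] = "/tmp/privtmp-XXXXXX";   /* backing directory for the private view */
    char marker[] = "/tmp/agent-sock-XXXXXX"; /* hypothetical agent socket path */
    if (mkdtemp(privdir) == NULL || chmod(privdir, 0755) != 0) return PRIVTMP_ERROR;
    int fd = mkstemp(marker);
    if (fd < 0) { rmdir(privdir); return PRIVTMP_ERROR; }
    close(fd);
    int rc = PRIVTMP_ERROR, status;
    pid_t pid = fork();
    if (pid == 0) _exit(child_private_tmp(privdir, marker));
    if (pid > 0 && waitpid(pid, &status, 0) == pid && WIFEXITED(status))
        rc = WEXITSTATUS(status);
    unlink(marker);
    rmdir(privdir);
    return rc;
}

int main(void)
{
    static const char *const names[] = { "hidden", "visible", "unsupported", "error" };
    printf("file in the parent's /tmp is %s from the private /tmp\n", names[demo_private_tmp()]);
    return 0;
}
```

Where user namespaces are disabled the result is "unsupported" rather than a false "visible"; the same bind-mount sequence run as root with plain CLONE_NEWNS gives the "hidden" result.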



