Disabling /tmp watch in RawHide

Mike A. Harris mharris at redhat.com
Wed Nov 5 12:00:39 UTC 2003


On Mon, 3 Nov 2003, Stan Bubrouski wrote:

>Over the last four years I have found and reported several
>vulnerabilities in various apps that use /tmp insecurely.  A
>great many of them were discovered by merely looking in /tmp
>once a week or so at some of the files left behind.
>
>By default you guys have tmpwatch turned on, and I think that in
>RawHide and test builds this should be disabled so these kinds of
>security bugs can be found more easily before releases.  Yes I know /tmp
>can get messy with legitimate files (though most of the files left in
>/tmp SHOULD NOT be there), however I think the benefits of disabling by
>default on testing environments will get a great many more eyes spotting
>general bugs with some program's /tmp usage.
>
>For instance I installed Fedora Core Test 3 release last weekend.  I
>turned off tmpwatch, and voila, without even trying I found 4 insecure
>file uses between 3 packages.  I did nothing to find these except ls
>through my /tmp and then track down the offenders.  I guess this is
>probably something that will be debated, or shot down immediately, but
>still I'm throwing it out there.  Without tmpwatch people WILL notice
>more insecure /tmp usage, even if by only the broken usages (i.e.
>leaving the files behind).  Any thoughts?

This is IMHO an absolutely fantastic idea.  I'm forwarding it 
internally in case any shmuckheads aren't reading this list.  ;o)


-- 
Mike A. Harris     ftp://people.redhat.com/mharris
OS Systems Engineer - XFree86 maintainer - Red Hat
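The thread's method is a manual `ls` through /tmp for leftovers. The following POSIX shell helper is an added example, not code from this thread or from Fedora/tmpwatch; it automates the same triage over one directory and flags three things a leftover file can reveal: a symlink, a world-writable file, and a name without a mkstemp-style random suffix (the `audit_tmp` function and its `TAG<TAB>path` output format are this example's own conventions, and the suffix test is a heuristic that will both miss and over-report some cases).

```shell
#!/bin/sh
# Added example: triage a temp directory for artifacts of unsafe temp-file
# handling.  Heuristic only; each hit still needs the owning program's code
# read to confirm how the file was created.

# audit_tmp DIR
#   Prints one "TAG<TAB>path" line per finding for top-level entries of DIR:
#     SYMLINK        entry is a symlink (leftover from, or target of, a race)
#     WORLD_WRITABLE mode includes o+w, so any local user can alter contents
#     PREDICTABLE    name has no trailing 6+ char alphanumeric suffix that mixes
#                    letters and digits, i.e. probably a fixed name, not mkstemp()
#   Exit status is the number of findings (capped at 255).
audit_tmp() {
    dir=$1
    count=0
    for f in "$dir"/* "$dir"/.[!.]*; do
        # an unmatched glob stays literal; skip it (dangling symlinks pass -L)
        [ -e "$f" ] || [ -L "$f" ] || continue
        name=${f##*/}

        if [ -L "$f" ]; then
            printf 'SYMLINK\t%s\n' "$f"
            count=$((count + 1))
        elif [ -n "$(find "$f" -prune -perm -0002 -print 2>/dev/null)" ]; then
            # find does not follow the link, so only real files are checked here
            printf 'WORLD_WRITABLE\t%s\n' "$f"
            count=$((count + 1))
        fi

        # last [._-]-separated component, if it is 6+ alphanumerics
        suffix=$(printf '%s' "$name" | sed -n 's/.*[._-]\([A-Za-z0-9]\{6,\}\)$/\1/p')
        random_looking=0
        case $suffix in
            *[0-9]*) case $suffix in *[A-Za-z]*) random_looking=1 ;; esac ;;
        esac
        if [ "$random_looking" -eq 0 ]; then
            printf 'PREDICTABLE\t%s\n' "$f"
            count=$((count + 1))
        fi
    done
    [ "$count" -gt 255 ] && count=255
    return "$count"
}

# Usage: sh audit_tmp.sh /tmp   (hypothetical file name for this example)
if [ -n "${1:-}" ]; then
    audit_tmp "$1"
fi
```

A PREDICTABLE hit is the interesting one for the kind of bug the thread describes: a fixed name means the program opened a path an attacker could have pre-created, so the next step is to find which package left it (rpm -qf on the binary, or grep the source for the name) and check whether it uses mkstemp(3) or O_EXCL.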