[redhat-lspp] New pam src rpm with namespace
Janak Desai
janak at us.ibm.com
Mon Feb 20 15:52:25 UTC 2006
Klaus Weidner wrote:
>On Sun, Feb 19, 2006 at 07:23:21PM +1100, Russell Coker wrote:
>
>>Incidentally one of the guys who's involved with OpenSSH development
>>suggested to me that there's a reasonable chance of getting the SE Linux
>>patches accepted into the portable tree. If we can get the code for
>>this feature working in the best possible manner and provide some
>>security benefits for non-SE systems then maybe we can get it included
>>as well.
>
>A per-user polyinstantiated /tmp and /var/tmp could be a security benefit
>even without SELinux if it can prevent temp file exploits. The current
>implementation isn't quite there yet since everybody's tmp directory is
>still present and world writable when newly created. Changing permissions
>for the polyinstantiated dir would fix that though, or maybe bind
>$HOME/tmp/ as /tmp/ and /var/tmp/ for each user?
Theoretically an instance of a directory should match the directory's
permissions. If you don't want one user to have access to another user's
instance then you can set up the instance parent as the polyinstantiated
directory itself. That is, set up your namespace.conf as:

/tmp /tmp both

Now, when a user jrd logs in, the /tmp/.inst-jrd* will be bind mounted on
/tmp and the /tmp/.inst-other-users* will be inaccessible to him. If you
tighten up permissions of /tmp then there is a risk that some COTS
application, running as a different user, may not work if it tries to write
to /tmp.

-Janak
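The behaviour Janak describes, as an added example that is not part of the thread and not pam_namespace's own code: a dry-run planner that reads namespace.conf lines of the form "polydir instance_parent method uids" and shows, for one user, which instance directory would be created, what bind mount would follow, and whether other users' instances end up covered by that mount. It works entirely under a scratch directory, so it needs no root and performs no real mounts. The instance naming "<instance_parent>/.inst-<user>" and the rule that a fresh instance copies the polydir's mode are assumptions taken from the message above; real pam_namespace naming depends on version and method.

```shell
#!/bin/sh
# Added example, not code from the thread or from pam_namespace: a dry-run
# planner for namespace.conf entries such as "/tmp /tmp both".
# Everything happens under a scratch directory: no root, no real mounts.
# Assumptions: instance dirs are named "<instance_parent>/.inst-<user>" as in
# Janak's message (real pam_namespace naming differs by version and method),
# and a new instance copies the polydir's mode, as Janak says it should.
# Uses GNU "stat -c" (Linux coreutils).

sandbox=$(mktemp -d)
trap 'rm -rf "$sandbox"' EXIT

# Constructed namespace.conf content: polydir  instance_parent  method  uids
NSCONF='/tmp /tmp both
/var/tmp /var/tmp-inst user'

# Instance directory for a user (assumed naming, see above).
instance_path() {   # $1 polydir  $2 instance_parent  $3 method  $4 user
    printf '%s/.inst-%s\n' "$2" "$4"
}

# The bind mount pam_namespace would perform once the instance exists.
mount_plan() {      # $1 polydir  $2 instance_parent  $3 method  $4 user
    printf 'mount --bind %s %s\n' "$(instance_path "$1" "$2" "$3" "$4")" "$1"
}

# "yes" when other users' instances live inside the polydir itself, so the
# user's own bind mount covers them (the "/tmp /tmp both" case); "no" when the
# instance parent is a separate directory whose permissions decide visibility.
hidden_by_mount() { # $1 polydir  $2 instance_parent
    [ "$1" = "$2" ] && echo yes || echo no
}

# Create the polydir (with the given mode) and one user's instance under the
# sandbox, copy the polydir's mode onto the instance, and print that mode.
# With a 1777 /tmp this shows the world-writable instance Klaus points out.
create_instance() { # $1 polydir  $2 instance_parent  $3 method  $4 user  $5 polydir mode
    mkdir -p "$sandbox$1" "$sandbox$2"
    chmod "$5" "$sandbox$1"
    inst="$sandbox$(instance_path "$1" "$2" "$3" "$4")"
    mkdir -p "$inst"
    chmod "$(stat -c '%a' "$sandbox$1")" "$inst"
    stat -c '%a' "$inst"
}

# Walk the config for one user and print the mount plan plus visibility note.
plan_for_user() {   # $1 user
    printf '%s\n' "$NSCONF" | while read -r polydir parent method uids; do
        [ -z "$polydir" ] && continue
        mount_plan "$polydir" "$parent" "$method" "$1"
        echo "  other users' instances hidden by the mount: $(hidden_by_mount "$polydir" "$parent")"
    done
}

plan_for_user jrd
echo "mode of jrd's /tmp instance when /tmp is 1777: $(create_instance /tmp /tmp both jrd 1777)"
```

Run it as an ordinary user; the printed plan for the first entry is the bind mount of /tmp/.inst-jrd over /tmp, which is what hides the other .inst-* directories from jrd, while the second entry shows that with a separate instance parent the parent's own permissions are what matter. The last line makes Klaus's point concrete: an instance created with /tmp's 1777 mode is itself world writable until its permissions are tightened.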