From: Alan Cox <gnomes@lxorguk.ukuu.org.uk>
To: David Laight <David.Laight@ACULAB.COM>
Cc: "'Solar Designer'" <solar@openwall.com>,
"'Salvatore Mesoraca'" <s.mesoraca16@gmail.com>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
"Kernel Hardening" <kernel-hardening@lists.openwall.com>,
"linux-fsdevel@vger.kernel.org" <linux-fsdevel@vger.kernel.org>,
"Alexander Viro" <viro@zeniv.linux.org.uk>,
Jann Horn <jannh@google.com>, Kees Cook <keescook@chromium.org>,
"Eric W. Biederman" <ebiederm@xmission.com>
Subject: Re: [PATCH v3 2/2] Protected O_CREAT open in sticky directories
Date: Fri, 1 Dec 2017 15:52:57 +0000 [thread overview]
Message-ID: <20171201155257.561b2c27@alans-desktop> (raw)
In-Reply-To: <c5d9dd814f14467a8b756ebd27a07a75@AcuMS.aculab.com>
> > That's general misuse of /tmp. Things like "command > /tmp/file"
> > without having pre-created the file with O_EXCL e.g. by mktemp(1).
>
> I'm sorry, I've been using Unix for over 30 years.
> /tmp is a place that temporary files were created - nothing special.
> Traditionally it was emptied on every boot.
> There was never anything that required files be created in any
> specific way.
And in 1978 you had to boot single user and use nckeck and icheck to fix
the filesystem up by hand, you had no networking, no systemd, no
sysvinit, no ANSI C. no X11 ... (shall I go on...)
There are reasons it all changed. The origin of /tmp is a compromise of
security and disk performance made in the 1970s about an OS that was
quite different, running on a machine with typically 256K of RAM, no RAM
disks, a single very expensive fixed head drive and a larger moving head
one.
The existence of /tmp in that form today is a bizarre historic quirk.
Fortunately if you want a perfectly safe /tmp/ use namespaces and every
user can have their own private /tmp.
Alan
WARNING: multiple messages have this Message-ID (diff)
From: Alan Cox <gnomes@lxorguk.ukuu.org.uk>
To: David Laight <David.Laight@ACULAB.COM>
Cc: 'Solar Designer' <solar@openwall.com>,
'Salvatore Mesoraca' <s.mesoraca16@gmail.com>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
Kernel Hardening <kernel-hardening@lists.openwall.com>,
"linux-fsdevel@vger.kernel.org" <linux-fsdevel@vger.kernel.org>,
Alexander Viro <viro@zeniv.linux.org.uk>,
Jann Horn <jannh@google.com>, Kees Cook <keescook@chromium.org>,
"Eric W. Biederman" <ebiederm@xmission.com>
Subject: [kernel-hardening] Re: [PATCH v3 2/2] Protected O_CREAT open in sticky directories
Date: Fri, 1 Dec 2017 15:52:57 +0000 [thread overview]
Message-ID: <20171201155257.561b2c27@alans-desktop> (raw)
In-Reply-To: <c5d9dd814f14467a8b756ebd27a07a75@AcuMS.aculab.com>
> > That's general misuse of /tmp. Things like "command > /tmp/file"
> > without having pre-created the file with O_EXCL e.g. by mktemp(1).
>
> I'm sorry, I've been using Unix for over 30 years.
> /tmp is a place that temporary files were created - nothing special.
> Traditionally it was emptied on every boot.
> There was never anything that required files be created in any
> specific way.
And in 1978 you had to boot single user and use nckeck and icheck to fix
the filesystem up by hand, you had no networking, no systemd, no
sysvinit, no ANSI C. no X11 ... (shall I go on...)
There are reasons it all changed. The origin of /tmp is a compromise of
security and disk performance made in the 1970s about an OS that was
quite different, running on a machine with typically 256K of RAM, no RAM
disks, a single very expensive fixed head drive and a larger moving head
one.
The existence of /tmp in that form today is a bizarre historic quirk.
Fortunately if you want a perfectly safe /tmp/ use namespaces and every
user can have their own private /tmp.
Alan
next prev parent reply other threads:[~2017-12-01 15:53 UTC|newest]
Thread overview: 60+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-11-22 8:01 [PATCH v3 0/2] Restrict dangerous open in sticky directories Salvatore Mesoraca
2017-11-22 8:01 ` [kernel-hardening] " Salvatore Mesoraca
2017-11-22 8:01 ` [PATCH v3 1/2] Protected FIFOs and regular files Salvatore Mesoraca
2017-11-22 8:01 ` [kernel-hardening] " Salvatore Mesoraca
2017-11-23 22:43 ` Tobin C. Harding
2017-11-24 8:24 ` Salvatore Mesoraca
2017-11-22 8:01 ` [PATCH v3 2/2] Protected O_CREAT open in sticky directories Salvatore Mesoraca
2017-11-22 8:01 ` [kernel-hardening] " Salvatore Mesoraca
2017-11-22 12:03 ` Pavel Vasilyev
2017-11-24 8:28 ` Salvatore Mesoraca
2017-11-22 13:22 ` Matthew Wilcox
2017-11-22 13:22 ` [kernel-hardening] " Matthew Wilcox
2017-11-22 14:38 ` Pavel Vasilyev
2017-11-24 8:29 ` Salvatore Mesoraca
2017-11-24 8:29 ` [kernel-hardening] " Salvatore Mesoraca
2017-11-22 16:51 ` Alan Cox
2017-11-22 16:51 ` [kernel-hardening] " Alan Cox
2017-11-24 8:31 ` Salvatore Mesoraca
2017-11-24 8:31 ` [kernel-hardening] " Salvatore Mesoraca
2017-11-24 10:53 ` David Laight
2017-11-24 10:53 ` [kernel-hardening] " David Laight
2017-11-24 11:43 ` Salvatore Mesoraca
2017-11-24 11:43 ` [kernel-hardening] " Salvatore Mesoraca
2017-11-24 11:53 ` David Laight
2017-11-24 11:53 ` [kernel-hardening] " David Laight
2017-11-26 11:29 ` Salvatore Mesoraca
2017-11-26 11:29 ` [kernel-hardening] " Salvatore Mesoraca
2017-11-27 0:26 ` Solar Designer
2017-11-27 0:26 ` [kernel-hardening] " Solar Designer
2017-11-30 14:39 ` Salvatore Mesoraca
2017-11-30 14:39 ` [kernel-hardening] " Salvatore Mesoraca
2017-11-30 14:57 ` Ian Campbell
2017-11-30 16:30 ` [kernel-hardening] " Solar Designer
2017-12-05 10:21 ` Salvatore Mesoraca
2017-12-07 21:47 ` Solar Designer
2017-12-11 12:08 ` Salvatore Mesoraca
2017-11-23 22:57 ` Tobin C. Harding
2017-11-24 8:34 ` Salvatore Mesoraca
2017-11-30 16:53 ` David Laight
2017-11-30 16:53 ` [kernel-hardening] " David Laight
2017-11-30 17:51 ` Solar Designer
2017-11-30 17:51 ` [kernel-hardening] " Solar Designer
2017-12-01 9:46 ` David Laight
2017-12-01 9:46 ` [kernel-hardening] " David Laight
2017-12-01 15:52 ` Alan Cox [this message]
2017-12-01 15:52 ` [kernel-hardening] " Alan Cox
2017-11-27 1:14 ` [kernel-hardening] Re: [PATCH v3 0/2] Restrict dangerous " Solar Designer
2017-11-27 13:18 ` Solar Designer
2017-11-30 14:38 ` Salvatore Mesoraca
2017-11-30 14:37 ` Salvatore Mesoraca
2017-11-30 19:05 ` Solar Designer
2017-11-30 19:14 ` Solar Designer
2017-12-05 10:13 ` Salvatore Mesoraca
2017-12-07 22:23 ` Solar Designer
2017-12-08 12:17 ` Solar Designer
2017-12-11 12:07 ` Salvatore Mesoraca
2017-12-11 15:33 ` Solar Designer
2017-12-12 18:00 ` Salvatore Mesoraca
2017-12-11 16:07 ` Solar Designer
2017-12-12 18:01 ` Salvatore Mesoraca
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20171201155257.561b2c27@alans-desktop \
--to=gnomes@lxorguk.ukuu.org.uk \
--cc=David.Laight@ACULAB.COM \
--cc=ebiederm@xmission.com \
--cc=jannh@google.com \
--cc=keescook@chromium.org \
--cc=kernel-hardening@lists.openwall.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=s.mesoraca16@gmail.com \
--cc=solar@openwall.com \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.