On Mon, 2007-01-01 at 09:39 -0800, Jeff Lasman wrote:
> Happy New Year!
Happy New Year :)
> On a forum I read someone has suggested chmodding everything in /tmp as
> 0000 to protect from hackers.
Someone is pulling your leg. ;)
> In my understanding, then no one (not even the owner) can read the
That's almost true. Any process with CAP_DAC_OVERRIDE or CAP_DAC_READ_SEARCH
will bypass permission checking (the most common way to get these
capabilities is to be root).
> Can this possibly work without breaking a lot of services and programs
> that use /tmp?
It will probably break those things which already have files in /tmp. It
won't prevent new files being created by any passing "hackers" though.
Most services these days don't use /tmp for anything important so at
worst you're likely to see temporary failures.
So, no, it doesn't work, but it probably won't kill you either.
Edward Allcutt
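
Both points in the reply above can be checked in a scratch directory. The script below is an added example, not part of the original message: the sandbox directory (a stand-in for /tmp), the file names and the function names are constructed, and the capability check assumes a Linux /proc.

```shell
#!/bin/sh
# Added example: the sandbox directory stands in for /tmp; all names are constructed.

# Succeeds if this shell holds CAP_DAC_OVERRIDE (bit 1) or
# CAP_DAC_READ_SEARCH (bit 2) in its effective capability set.
has_dac_bypass() {
    capeff=""
    if [ -r /proc/self/status ]; then
        while read -r key val; do
            if [ "$key" = "CapEff:" ]; then capeff=$val; fi
        done < /proc/self/status
    fi
    if [ -n "$capeff" ]; then
        [ $(( (0x$capeff >> 1) & 3 )) -ne 0 ]
    else
        [ "$(id -u)" -eq 0 ]    # assumption: without /proc, treat root as privileged
    fi
}

# Sets old_readable, new_created and privileged to "yes" or "no".
demo_tmp_lockdown() {
    sandbox=$(mktemp -d) || return 1
    chmod 1777 "$sandbox"                     # world-writable + sticky, like /tmp
    echo "session data" > "$sandbox/existing" # a file some service already had there
    chmod 0000 "$sandbox"/*                   # the forum suggestion

    old_readable=no; new_created=no; privileged=no
    if cat "$sandbox/existing" >/dev/null 2>&1; then old_readable=yes; fi
    if { echo "dropped later" > "$sandbox/new"; } 2>/dev/null; then new_created=yes; fi
    if has_dac_bypass; then privileged=yes; fi
    rm -rf "$sandbox"
}

demo_tmp_lockdown
echo "existing file readable: $old_readable (DAC-bypass capability held: $privileged)"
echo "new file created after the chmod: $new_created"
```

Run as an ordinary user, the existing file becomes unreadable even to its owner while the new file is still created; run as root, the existing file stays readable as well.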