On Mon, Jan 01, 2007 at 09:39:14AM -0800, Jeff Lasman wrote:
> Happy New Year!
> On a forum I read someone has suggested chmodding everything in /tmp as
> 0000 to protect from hackers.
> In my understanding, then no one (not even the owner) can read the
> Can this possibly work without breaking a lot of services and programs
> that use /tmp?
Heh, April's still 3 months away!

/tmp can be used for malicious purposes because any user can create
files in it. For example, a punk^Wcurious student could write a script
named "su" which takes your input and then emails it to some server in
Nigeria. If you happen to have "." in your $PATH, *and* you happen to
be in /tmp/ when you try to run su, then you're in trouble.

Note that although /tmp has "liberal" permissions set (read, write,
execute for all users), it also has the sticky bit set, so a user can
only modify files in /tmp if they belong to him. A 777 directory is
pretty much open to anything otherwise (any user can read/modify/delete
any other user's files).

Executive Summary: Don't do it! You'll anger your computer!

Happy New Year!

PS: Keep the local directory out of your $PATH. If you're really too
lazy to type "./executable", then at least make sure it's at the very
*end* of your path.
.''`. | This Sig Kills Fascists!
: :' : | http://deadbox.ath.cx
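
A defensive check for the two conditions the reply describes, as an added example that is not part of the original message: it lists $PATH entries that make the shell search the current directory (with their position, so a trailing "." is distinguishable from a leading one) and flags world-writable directories that lack the sticky bit. The function names and the extra /var/tmp check are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original message.

# Print "<position>:<entry>" for every PATH entry that makes the shell search
# the current directory: ".", an empty entry, or any other relative path.
path_cwd_entries() {
    rest="$1:"          # trailing ":" keeps a final empty entry visible
    i=0
    while [ -n "$rest" ]; do
        entry=${rest%%:*}
        rest=${rest#*:}
        i=$((i + 1))
        case $entry in
            /*) ;;                      # absolute path: not affected
            '') echo "$i:<empty>" ;;    # empty entry means current directory
            *)  echo "$i:$entry" ;;     # "." or another relative path
        esac
    done
}

# Succeed if the directory is world-writable and lacks the sticky bit, i.e.
# any user can delete or replace other users' files in it (a plain 777 dir).
world_writable_no_sticky() {
    perms=$(ls -ld "$1" 2>/dev/null | cut -c1-10)
    case $perms in
        d???????w[-x]) return 0 ;;      # o+w set, last slot is not t/T
        *) return 1 ;;
    esac
}

echo "PATH entries that search the current directory:"
path_cwd_entries "$PATH"
for d in /tmp /var/tmp; do
    if world_writable_no_sticky "$d"; then
        echo "WARNING: $d is world-writable without the sticky bit"
    fi
done
```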