LINUX-L Archives

LINUX-L@LISTS.UFL.EDU


Subject:

Re: protecting /tmp

From:

Edward Allcutt <[log in to unmask]>

Reply-To:

Platform Independent Linux List! <[log in to unmask]>

Date:

Mon, 1 Jan 2007 13:48:18 -0500

Content-Type:

multipart/signed


On Mon, 2007-01-01 at 09:39 -0800, Jeff Lasman wrote:
> Happy New Year!
Happy New Year :)

> On a forum I read someone has suggested chmodding everything in /tmp as 
> 0000 to protect from hackers.
Someone is pulling your leg. ;)

> In my understanding, then no one (not even the owner) can read the 
> files.
That's almost true. Any process with CAP_DAC_OVERRIDE or CAP_DAC_READ_SEARCH
will bypass permission checking (the most common way to get these
capabilities is to be root).

> Can this possibly work without breaking a lot of services and programs 
> that use /tmp?
It will probably break those things which already have files in /tmp. It
won't prevent new files being created by any passing "hackers" though.
Most services these days don't use /tmp for anything important so at
worst you're likely to see temporary failures.

So, no, it doesn't work, but it probably won't kill you either.

-- 
Edward Allcutt <[log in to unmask]>
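
The two points made in the reply above can be checked on a scratch directory. This is an added example, not part of the original message: it applies the forum's chmod 0000 idea to a constructed stand-in for /tmp, then reports whether the existing file is still readable and whether new files can still be created. The function names and the sample file are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original message). All function names are
# hypothetical. Works on a scratch directory, never the real /tmp.

# Constructed stand-in for /tmp: world-writable with the sticky bit (1777).
make_scratch() {
    d=$(mktemp -d) || return 1
    chmod 1777 "$d"
    echo "service state" > "$d/existing.dat"   # constructed sample file
    echo "$d"
}

# The forum suggestion: mode 0000 on every file already in the directory.
apply_chmod_0000() {
    find "$1" -type f -exec chmod 0000 {} +
}

# Permission string of the pre-existing file, e.g. "----------".
file_perms() {
    ls -ld "$1/existing.dat" | cut -c1-10
}

# "readable" or "denied". A process holding CAP_DAC_OVERRIDE or
# CAP_DAC_READ_SEARCH (normally root) still gets "readable".
existing_file_access() {
    if cat "$1/existing.dat" >/dev/null 2>&1; then echo readable; else echo denied; fi
}

# "created" if a new file can still be dropped in: that is governed by the
# directory's mode, which the chmod of existing files never touched.
new_file_creation() {
    if ( : > "$1/new.dat" ) 2>/dev/null; then echo created; else echo blocked; fi
}

demo() {
    dir=$(make_scratch) || return 1
    apply_chmod_0000 "$dir"
    echo "uid:                 $(id -u)"
    echo "existing file perms: $(file_perms "$dir")"
    echo "existing file read:  $(existing_file_access "$dir")"
    echo "new file in dir:     $(new_file_creation "$dir")"
    rm -rf "$dir"
}
demo
```

Run as an ordinary user, the existing file reports "denied" while new files are still "created"; run as root, the existing file is expected to stay "readable".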
