Against /Tmp

(dotat.at)

143 points todsacerdoti | 1 comments | 22 Oct 24 12:36 UTC | HN request time: 0.34s | source

Show context

0xC0ncord ◴[22 Oct 24 13:20 UTC] No.41913968[source]▶

>>41913610 (OP) #

I'm amazed that polyinstantiation of directories via pam_namespace.so[1] is so unheard of. Setting this up fixes almost all of the qualms mentioned in the article by giving each user their own mount namespace with an isolated /tmp directory (and others if configured). Still though, this wouldn't prevent poorly written applications using /tmp from clashing with others that are running under the same user.

It's relatively easy to set up[2] and provides a pretty huge defense mitigation against abusing /tmp.

[1] https://www.man7.org/linux/man-pages/man8/pam_namespace.8.ht...

[2] https://docs.redhat.com/en/documentation/red_hat_enterprise_...

replies(4): >>41914558 #>>41914916 #>>41915729 #>>41916817 #

aidenn0 ◴[22 Oct 24 14:56 UTC] No.41914916[source]▶

>>41913968 #

Is there an easy way to duplicate a specific process' namespace? My biggest issue with all these new features is that privatize state is how much harder it is to reproduce a state.

Back when it was just environment variables, I could pipe /proc/PID/environ to xargs and get basically the same state. Given that things like unix domain sockets may end up in $TMPDIR, I can be left unable to do certain things.

replies(3): >>41915034 #>>41915231 #>>41915256 #

1. zokier ◴[22 Oct 24 15:28 UTC] No.41915256[source]▶

>>41914916 #

    nsenter --all --target $PID

or something like that?

https://man7.org/linux/man-pages/man1/nsenter.1.html

↑