
Against /tmp

(dotat.at)
178 points by todsacerdoti | 1 comment

0xC0ncord No.41913968
I'm amazed that polyinstantiation of directories via pam_namespace.so[1] is so unheard of. Setting this up fixes almost all of the qualms mentioned in the article by giving each user their own mount namespace with an isolated /tmp directory (and others if configured). Still though, this wouldn't prevent poorly written applications using /tmp from clashing with others that are running under the same user.

It's relatively easy to set up[2] and provides a pretty huge defense mitigation against abusing /tmp.

[1] https://www.man7.org/linux/man-pages/man8/pam_namespace.8.ht...

[2] https://docs.redhat.com/en/documentation/red_hat_enterprise_...

1. cryptonector No.41916817
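As an added illustration of the setup the comment above describes (this is my own example, not code from the thread, from the linked Red Hat guide or from pam_namespace itself): a POSIX sh script that writes per-user polyinstantiation entries for /tmp and /var/tmp, inserts the session module into a PAM service file, and contains a check that inspects a mountinfo file to tell whether the calling session actually got a private /tmp. Assumptions, all mine: the configuration lives in /etc/security/namespace.conf, the PAM service patched is /etc/pam.d/login (sshd, gdm and others need the same line), the instance prefixes are /tmp-inst/ and /var/tmp/tmp-inst/ following the layout of the pam_namespace(8) examples, and the "user" method is chosen so that the instance is keyed on the login UID with root excluded.

```shell
#!/bin/sh
# Added example: per-user private /tmp with pam_namespace, plus a check.
# Not the thread's, Red Hat's or pam_namespace's own code.
# Assumptions (mine): paths below, "user" method, /etc/pam.d/login as target.

NAMESPACE_CONF=${NAMESPACE_CONF:-/etc/security/namespace.conf}
PAM_SERVICE=${PAM_SERVICE:-/etc/pam.d/login}

# namespace.conf entry format: polydir instance_prefix method list_of_uids
# "user" keys the instance directory on the UID; listing "root" excludes
# it, so administrators keep the shared /tmp and can see everyone's files.
namespace_conf() {
    cat <<'EOF'
/tmp        /tmp-inst/          user  root
/var/tmp    /var/tmp/tmp-inst/  user  root
EOF
}

# Root-only: create instance parents, write the config, add the PAM line.
install_pam_namespace() {
    [ "$(id -u)" -eq 0 ] || { echo "run as root" >&2; return 1; }
    # Instance parents are mode 000 so one user cannot browse into the
    # instance directories of another by walking /tmp-inst/<uid>.
    for d in /tmp-inst /var/tmp/tmp-inst; do
        mkdir -p "$d" && chmod 000 "$d"
    done
    namespace_conf > "$NAMESPACE_CONF"
    # pam_namespace does its work at session open; add the line only once.
    grep -q 'pam_namespace.so' "$PAM_SERVICE" ||
        printf 'session\trequired\tpam_namespace.so\n' >> "$PAM_SERVICE"
}

# Print the "root" field (column 4) of the last mount entry whose mount
# point (column 5) is /tmp. With the "user" method the instance is
# bind-mounted from <prefix><uid>, so a private /tmp reports a root such
# as /tmp-inst/1000, while a plain shared /tmp reports "/" or no entry at
# all. Takes a mountinfo path so saved copies can be inspected offline.
tmp_instance_root() {
    awk '$5 == "/tmp" { root = $4 } END { if (root != "") print root }' \
        "${1:-/proc/self/mountinfo}"
}

# Succeeds only when /tmp is an instance under the assumed /tmp-inst/ prefix.
tmp_is_private() {
    case "$(tmp_instance_root "$1")" in
        /tmp-inst/*) return 0 ;;
        *)           return 1 ;;
    esac
}

case "${1:-}" in
    install) install_pam_namespace ;;
    check)   if tmp_is_private; then echo "/tmp is a private instance"
             else echo "/tmp is the shared directory"; fi ;;
esac
```

Run `sh script.sh install` as root, log in again through a PAM-using service, and `sh script.sh check` reports whether that session's /tmp is an instance. The check is deliberately a heuristic on the bind-mount root: with the `tmpfs` method the root field is `/` just as it is for a systemd tmpfs /tmp, so for that method you would compare the mount ID in /proc/self/mountinfo against a root shell's instead.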
If you're not using PAM then you don't get these.

For example, Kubernetes doesn't use PAM in the pods it creates to run your containers.

You might think "who cares", but I've written code that is agnostic as to whether it's running in a logged-in user's session or something else. https://news.ycombinator.com/item?id=41916623