
Against /tmp

(dotat.at)
198 points todsacerdoti | 3 comments
Joker_vD No.41913946
> The fix, way back when, should have been for login(8) to create a per-user temporary directory in a sensible place before it drops privilege, and set $TMPDIR so the user’s shell and child processes can find it.

Something like

    tmpdir := "/tmp/${USERNAME}"
    loop:
        rmdir(tmpdir, recurse=true)
        while not mkdir(tmpdir, 0o700, must-create=true)
    chown(tmpdir, user=$USERNAME, group=$USERGROUP)
    export("TMPDIR", tmpdir)
with /tmp having root:root owner with 0o775 permissions on it? Yeah, would've been nice.
replies(3): >>41914009 >>41914158 >>41916846
cryptonector No.41916846
/tmp is 01777

Anything that requires login(8) or PAM to make it happen is insufficient. This has to happen in environments like Kubernetes too.

replies(1): >>41918577
1. Joker_vD No.41918577
It doesn't have to be, does it? Drop the S_IWOTH from it.
replies(1): >>41919119
2. cryptonector No.41919119
But you'll have to have all users be members of the group then. That gets you nothing.
replies(1): >>41919316
3. Joker_vD No.41919316
No, you don't have to?

    joker@e2509h:~/test_tmp$ ll
    total 12K
    drwxr-xr-x  3 joker joker 4.0K Oct 22 22:12 ./
    drwxr-x--- 11 joker joker 4.0K Oct 22 22:12 ../
    drwxr-xr-x  3 root  root  4.0K Oct 22 22:13 tmp/
    joker@e2509h:~/test_tmp$ cd tmp
    joker@e2509h:~/test_tmp/tmp$ ll
    total 12K
    drwxr-xr-x 3 root  root  4.0K Oct 22 22:13 ./
    drwxr-xr-x 3 joker joker 4.0K Oct 22 22:12 ../
    drwxr-xr-x 2 joker joker 4.0K Oct 22 22:13 joker/
    -rw-r--r-- 1 root  root     0 Oct 22 22:15 z
    joker@e2509h:~/test_tmp/tmp$ touch x
    touch: cannot touch 'x': Permission denied
    joker@e2509h:~/test_tmp/tmp$ rm z
    rm: remove write-protected regular empty file 'z'? y
    rm: cannot remove 'z': Permission denied
    joker@e2509h:~/test_tmp/tmp$ touch joker/x
    joker@e2509h:~/test_tmp/tmp$ ll joker
    total 8.0K
    drwxr-xr-x 2 joker joker 4.0K Oct 22 22:13 ./
    drwxr-xr-x 3 root  root  4.0K Oct 22 22:15 ../
    -rw-r--r-- 1 joker joker    0 Oct 22 22:13 x
    joker@e2509h:~/test_tmp/tmp$ rm joker/x
    joker@e2509h:~/test_tmp/tmp$
    
Looks like it works just fine.
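The scheme sketched in the first comment (a privileged step creates a private per-user directory under a root-owned, non-world-writable tmp root and exports it as TMPDIR), written out as an added example; this is not code from the thread or from the linked article. The helper names `tmp_root_is_safe`, `is_private_dir` and `ensure_user_tmpdir` are assumptions, and `owner_uid` is a parameter only so the check can be exercised without root.

```python
import os
import shutil
import stat

MAX_ATTEMPTS = 3  # bounded retry: a squatter must not spin a privileged loop forever


def tmp_root_is_safe(tmp_root, owner_uid=0):
    """The thread's precondition: the tmp root is a directory owned by root
    (owner_uid is parameterised only for unprivileged testing) and has no
    S_IWOTH bit, so nobody else can create or rename names inside it."""
    st = os.lstat(tmp_root)
    return (stat.S_ISDIR(st.st_mode)
            and st.st_uid == owner_uid
            and not st.st_mode & stat.S_IWOTH)


def is_private_dir(path, uid, gid):
    """True only for a real directory (lstat, so a planted symlink is rejected
    rather than followed) with mode exactly 0700 and owner uid:gid."""
    try:
        st = os.lstat(path)
    except FileNotFoundError:
        return False
    return (stat.S_ISDIR(st.st_mode) and stat.S_IMODE(st.st_mode) == 0o700
            and st.st_uid == uid and st.st_gid == gid)


def ensure_user_tmpdir(tmp_root, username, uid, gid):
    """Establish <tmp_root>/<username> as a 0700 directory owned by uid:gid and
    return it for export as TMPDIR. Meant to run with privilege (as the comment
    proposes for login) before dropping to the user."""
    path = os.path.join(tmp_root, username)
    for _ in range(MAX_ATTEMPTS):
        try:
            os.mkdir(path, 0o700)     # must-create: fails if any name already exists
            os.chmod(path, 0o700)     # umask may have stripped bits from the mkdir mode
            os.chown(path, uid, gid)  # hand the fresh directory to the user
        except FileExistsError:
            pass                      # something is already there; inspect it below
        if is_private_dir(path, uid, gid):
            return path
        st = os.lstat(path)
        if stat.S_ISDIR(st.st_mode) and st.st_uid == uid and st.st_gid == gid:
            os.chmod(path, 0o700)     # the user's own directory with loose bits: tighten
        elif stat.S_ISDIR(st.st_mode):
            shutil.rmtree(path)       # someone else's directory squatting on the name
        else:
            os.unlink(path)           # symlink or plain file: remove without following
    raise RuntimeError(f"could not establish a private tmpdir at {path}")
```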