One of my crusades is to stop daemons from using /tmp. I think the problem here is twofold:
- An inexperienced daemon writer decides he has some files that he wants to use temporarily. In userspace he uses /tmp, so why not just use it for his system application?
- Another reason daemon writers do this is to communicate with logged-in users. The writer knows users can write to /tmp, so if he throws a socket or other file out there, there will be no problem communicating with the user.
Many attacks have happened because a careless application writer has written a daemon which writes files to /tmp while running as root.
Just enter "/tmp vulnerabilities" and Google responds with 980,000 entries.
System applications creating and writing files/sockets in /tmp also cause things like pam_namespace to not work well.
pam_namespace, as I have written about before, can be used to isolate different users on the same system, giving each user his own /tmp. Finally, an issue that is dear to my heart: maintaining proper labeling on all these files being dumped into /tmp is a pain in the butt.
Daemon developers should follow these rules:
- /tmp is for users to store their stuff, not for daemons or any process that is started in the boot process.
- If a daemon wants to communicate with a user then he should do it via /var/run/DAEMON.
- If you have a daemon that wants its temporary files to survive a reboot, consider using /var/cache/DAEMON.
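One way a daemon can follow these rules, as an added example that is not from the original post: it opens its own directory, refuses it if any other user could write there, and creates files relative to it with O_EXCL. The function names and the ./DAEMON-demo path (a stand-in for /var/run/DAEMON so it runs without root) are assumptions made for the illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Open (creating if needed) the daemon's own directory, e.g. /var/run/DAEMON.
 * Refuse it unless it is a real directory we own that nobody else can write. */
int open_private_dir(const char *path)
{
    struct stat st;
    int dfd;
    if (mkdir(path, 0755) == -1 && errno != EEXIST)
        return -1;
    dfd = open(path, O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
    if (dfd == -1)
        return -1;
    if (fstat(dfd, &st) == -1 || st.st_uid != geteuid() ||
        (st.st_mode & (S_IWGRP | S_IWOTH))) {
        close(dfd);
        errno = EPERM;
        return -1;
    }
    return dfd;
}

/* Create a file relative to that directory fd. O_EXCL fails if the name
 * already exists, including when it is a symlink someone else placed. */
int create_state_file(int dfd, const char *name, mode_t mode)
{
    return openat(dfd, name,
                  O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW | O_CLOEXEC, mode);
}

int main(void)
{
    int dfd = open_private_dir("./DAEMON-demo"); /* constructed stand-in path */
    int fd = dfd < 0 ? -1 : create_state_file(dfd, "daemon.pid", 0644);
    if (fd < 0) {
        perror("DAEMON-demo/daemon.pid");
        return EXIT_FAILURE;
    }
    dprintf(fd, "%ld\n", (long)getpid());
    close(fd);
    unlinkat(dfd, "daemon.pid", 0); /* clean shutdown removes the file */
    close(dfd);
    return EXIT_SUCCESS;
}
```

A directory with /tmp-style permissions (mode 1777) fails the ownership and write-bit check, so the same code pointed at a shared directory refuses to run rather than trusting it.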
I am even hoping to finally get X to stop using /tmp.
Maybe someday Kerberos ...
So if you have a daemon that uses /tmp please consider changing it to use a different directory.