danwalsh


Dan Walsh's Blog

Got SELinux?


Daemons "Just say no to using /tmp"
danwalsh
Working on SELinux I get exposed to lots of daemon applications doing evil things. :^(

One of my crusades is to stop daemons from using /tmp. I think the problem here is two-fold:

  1. Inexperienced daemon writer decides he has some files that he wants to temporarily use. In userspace he uses /tmp, so why not just use it for his system application?
  2. Another reason daemon writers do this is to communicate with logged-in users. He knows users can write to /tmp, so if he throws a socket or other file out there, there will be no problem communicating with the user.

Many attacks have happened because a careless application writer has written a daemon which writes files to /tmp while running as root.

Just enter "/tmp vulnerabilities" and Google responds with 980,000 entries.

System applications creating and writing files/sockets in /tmp also cause things like pam_namespace to not work well.
pam_namespace, as I have written about before, can be used to isolate different users on the same system, giving each user his own /tmp. Finally, an issue that is dear to my heart: maintaining proper labeling on all these files being dumped into /tmp is a pain in the butt.

Daemon developers should follow these rules:

  • /tmp is for users to store their stuff, not for daemons or any process that is started in the boot process.
  • If a daemon wants to communicate with a user then he should do it via /var/run/DAEMON.
  • If you have a daemon that wants its temporary files to survive a reboot, consider using /var/cache/DAEMON.
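
The rules above, applied in C as an added example (not code from the original post): a daemon, hypothetically named `exampled`, keeps its files in its own directory under /var/run, accepts that directory only if it is a real directory owned by the daemon and not writable by anyone else, and only opens files it created itself. The function names and the `exampled.pid` file name are assumptions made for illustration.

```c
/* Added example; "exampled" and "exampled.pid" are hypothetical names. */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Open (creating if needed) base/daemon; refuse it unless it is a real
 * directory, owned by us, that no other user can write to. */
int open_runtime_dir(const char *base, const char *daemon)
{
    char path[4096];
    struct stat st;
    if (snprintf(path, sizeof path, "%s/%s", base, daemon) >= (int)sizeof path)
        return -1;
    if (mkdir(path, 0755) != 0 && errno != EEXIST)
        return -1;
    /* O_NOFOLLOW: a symlink planted at this name makes open() fail. */
    int dfd = open(path, O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
    if (dfd < 0)
        return -1;
    if (fstat(dfd, &st) != 0 || st.st_uid != geteuid() ||
        (st.st_mode & (S_IWGRP | S_IWOTH))) {
        close(dfd);
        return -1;
    }
    return dfd;
}

/* Create a fresh file in the runtime directory. A leftover from a previous
 * run is unlinked first; O_EXCL means we only ever open a file we created. */
int create_runtime_file(int dfd, const char *name)
{
    if (unlinkat(dfd, name, 0) != 0 && errno != ENOENT)
        return -1;
    return openat(dfd, name,
                  O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW | O_CLOEXEC, 0644);
}

int main(void)
{
    int dfd = open_runtime_dir("/var/run", "exampled"); /* needs root */
    int fd = dfd < 0 ? -1 : create_runtime_file(dfd, "exampled.pid");
    if (fd < 0) { perror("exampled runtime file"); return 1; }
    dprintf(fd, "%ld\n", (long)getpid());
    return 0;
}
```

Because the directory is writable only by the daemon, nobody else can pre-create the file name, which is exactly the guarantee a fixed name in /tmp cannot give.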


I am even hoping to finally get X to stop using /tmp. 

Maybe someday Kerberos ...

So if you have a daemon that uses /tmp please consider changing it to use a different directory.

Dan

system-wide /tmp is necessary for things like this

jons-thoughts.blogspot.com

2008-02-08 07:00 pm (UTC)

Think about if your home directory were mounted via NFS, AFS, GFS - pick shared filesystem of your choice, and you were to use screen on multiple machines. You'd have sockets that are busted, and a mighty long list in screen -ls. In *your* situation, $HOME/tmp might be appropriate, however in a large number of environments it would not be.

A little OT for this post, though :). I *do* agree with daemons moving stuff out, it's not the Right Place(TM)
