danwalsh (danwalsh) wrote,

Daemons "Just say no to using /tmp"

Working on SELinux I get exposed to lots of daemon applications doing evil things. :^(

One of my crusades is to stop daemons from using /tmp. I think the problem here is twofold:

  1. An inexperienced daemon writer decides he has some files that he wants to use temporarily. In userspace he uses /tmp, so why not just use it for his system application?
  2. Another reason daemon writers do this is to communicate with logged-in users. He knows users can write to /tmp, so if he throws a socket or other file out there, there will be no problem communicating with the user.

Many attacks have happened because a careless application writer has written a daemon which writes files to /tmp while running as root.

Just enter "/tmp vulnerabilities" and Google responds with 980,000 entries.

System applications creating and writing files/sockets in /tmp also cause things like pam_namespace to not work well.
pam_namespace, as I have written about before, can be used to isolate different users on the same system, giving each user his own /tmp. Finally, an issue that is dear to my heart: maintaining proper labeling on all these files being dumped into /tmp is a pain in the butt.

Daemon developers should follow these rules:

  • /tmp is for users to store their stuff, not for daemons or any process that is started in the boot process.
  • If a daemon wants to communicate with a user, then it should do it via /var/run/DAEMON.
  • If you have a daemon that wants its temporary files to survive a reboot, consider using /var/cache/DAEMON.
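A sketch of how a daemon could follow these rules, added here as an example and not code from the original post: it opens a private directory under a base such as /var/run, refuses it if it is a symlink, owned by another user, or writable by group or others, and only then creates files inside it. The daemon name `exampled`, the file name `scratch.tmp` and both function names are hypothetical.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Open (creating if needed) BASE/NAME as a daemon-private directory.
 * Returns a directory fd, or -1 if the path is a symlink, is not owned
 * by the daemon's effective uid, or is writable by group or others. */
int open_private_dir(const char *base, const char *name)
{
    struct stat st;
    int dfd = -1;
    int bfd = open(base, O_RDONLY | O_DIRECTORY | O_CLOEXEC);
    if (bfd < 0)
        return -1;
    if (mkdirat(bfd, name, 0755) == 0 || errno == EEXIST)
        dfd = openat(bfd, name, O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
    close(bfd);
    if (dfd < 0)
        return -1;
    if (fstat(dfd, &st) != 0 || st.st_uid != geteuid() ||
        (st.st_mode & (S_IWGRP | S_IWOTH))) {
        close(dfd);
        return -1;
    }
    return dfd;
}

/* Create a new file relative to the verified fd; fails if the name exists. */
int create_private_file(int dfd, const char *name)
{
    return openat(dfd, name,
                  O_RDWR | O_CREAT | O_EXCL | O_NOFOLLOW | O_CLOEXEC, 0600);
}

int main(int argc, char **argv)
{
    /* "exampled" is a hypothetical daemon name; pass another base to test unprivileged. */
    const char *base = argc > 1 ? argv[1] : "/var/run";
    int dfd = open_private_dir(base, "exampled");
    if (dfd < 0) {
        perror("open_private_dir");
        return EXIT_FAILURE;
    }
    return create_private_file(dfd, "scratch.tmp") < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
}
```

The same two functions work for /var/cache/DAEMON when the files need to survive a reboot; only the base path changes.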

I am even hoping to finally get X to stop using /tmp.

Maybe someday Kerberos ...

So if you have a daemon that uses /tmp, please consider changing it to use a different directory.
