Mailinglist Archive: opensuse-security (670 mails)
Re: [suse-security] Is this true?
- From: "Kurt Seifried" <listuser@xxxxxxxxxxxx>
- Date: Thu, 29 Nov 2001 12:12:26 -0300
- Message-id: <00a001c178e8$431b6860$bb4731c8@linlin>
The reason is that /tmp and /var/tmp are WORLD WRITEABLE. ANYTHING
(ANYTHING!) can write to them. Of course this is the whole point, a global
scratch space. Why is this a risk?

Many attacks will expose information/etc, being able to dump to /tmp is very
convenient, especially for www based stuff/etc. Other reasons include
getting a small amount of access, uploading files (to tmp) and exploiting a
local hole to gain root or whatever.

Another risk is an attacker filling up your / partition (where /tmp is
unless it's a separate partition usually...) which can cause a ton of grief,
especially with seriously deep directory structures (like 100k dirs deep).

http://www.seifried.org/lasg/installation/

-Kurt