29 Nov
2001
29 Nov
'01
15:12
The reason is that /tmp and /var/tmp are WORLD WRITEABLE. ANYTHING (ANYTHING!) can write to them. Of course this is the whole point, a global scratch space. Why is this a risk? Many attacks will expose information/etc, being able to dump to /tmp is very convinient, especially for www based stuff/etc. Other reasons include getting a small amount of access, uploading files (to tmp) and exploiting a local hole to gain root or whatever. Another risk is an attacker filling up your / partition (where /tmp is unless it's a seperate partition usually...) which can cause a ton of grief, especially with seriously deep directory structures (like 100k dirs deep). http://www.seifried.org/lasg/installation/ -Kurt