Mailinglist Archive: opensuse-security (192 mails)

Re: [suse-security] temporary files created by crontab -e
  • From: Eilert Brinkmann <eilert@xxxxxxxxxxxxxxxxxxxxxxxx>
  • Date: 04 May 2000 18:46:04 +0200
  • Message-id: <xttln1q1cxf.fsf@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
"Petri Sirkkala." <petes@xxxxxxxxxxxxx> wrote:
> On Thu, 4 May 2000, Roland Hilkenbach wrote:
>
> > behavior can easily be used to do a DoS since the /tmp directory has the
> > sticky-Bit set.
>
> What? No sticky bits are set at my installation. That would be a major
> mistake allowing others to make files belonging to root:root.

The permissions for /tmp should look like this:

drwxrwxrwt 23 root root 5120 May 4 06:50 /tmp
         ^

The 't' indicates that the sticky bit is set. In directories with the
sticky bit set, files can only be renamed or removed by their owner or
by the owner of the directory (see `man 2 stat'). This bit *should* be
set for world-writable directories like /tmp. You have a security
problem when it isn't, because then everybody could rename or unlink
other users' files in /tmp.

> Just think what these files could do, if made setuid too? You should
> double-check your system, if someone has somehow made your tmp
> setgid- or setuid something.

AFAIR the setuid bit for directories doesn't have any effect on Linux
systems. However, it is correct that neither the setuid nor the setgid
bit should be set for /tmp, but that's something completely different
than the sticky bit.

Eilert
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Eilert Brinkmann -- Universitaet Bremen -- FB 3, Informatik
eilert@xxxxxxxxxxxxxxxxxxxxxxxx - eilert@xxxxxxx - eilert@xxxxxxxxxxxxxx
http://www.informatik.uni-bremen.de/~eilert/
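
The permission check discussed in this message, as an added example that is not part of the original mail: a POSIX shell audit that flags a world-writable directory without the sticky bit (or with setuid/setgid set) and scans a tree for other directories missing the sticky bit. The function names `check_tmpdir` and `missing_sticky` are made up for this example.

```shell
#!/bin/sh
# Added example (not from the original mail): audit directory mode bits.
# Function names are hypothetical.

# missing_sticky ROOT
# Print every world-writable directory under ROOT (same filesystem only)
# that lacks the sticky bit, i.e. where any user may rename or unlink
# files belonging to other users.
missing_sticky() {
    find "$1" -xdev -type d -perm -0002 ! -perm -1000 -print 2>/dev/null
}

# check_tmpdir DIR
# Return 0 if DIR has no finding, 1 if it is world-writable without the
# sticky bit or carries a setuid/setgid bit, 2 if it is not a directory.
check_tmpdir() {
    dir=$1
    status=0
    if [ ! -d "$dir" ]; then
        echo "$dir: not a directory"
        return 2
    fi
    # -H follows DIR itself if it is a symlink; -prune stops find from
    # descending, so only DIR's own mode bits are tested.
    if [ -n "$(find -H "$dir" -prune -perm -0002 ! -perm -1000)" ]; then
        echo "$dir: world-writable but sticky bit not set (expected mode 1777)"
        status=1
    fi
    if [ -n "$(find -H "$dir" -prune \( -perm -4000 -o -perm -2000 \))" ]; then
        echo "$dir: setuid or setgid bit set"
        status=1
    fi
    return "$status"
}

# When run as a script with an argument, audit that directory.
if [ "$#" -gt 0 ]; then
    check_tmpdir "$1"
fi
```

Run it as `sh script.sh /tmp`; a finding on /tmp is corrected with `chmod 1777 /tmp` as root.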
