Jeff Abrahamson on 28 Dec 2004 16:38:22 -0000
On Tue, Dec 28, 2004 at 10:48:21AM -0500, George Gallen wrote:
>
> We recently had some write issues on some of the files in /tmp.
> When I looked at them, both the sticky and other bits were set (rwt on
> ls for other).
> There were quite a few of them.
>
> I corrected it with chmod -R 777 /tmp, that reset all the files fine.
You really, really didn't want to do that.
Lots of things use /tmp, so, as you noted, /tmp has to be 777. But
here's what you don't want to happen:
    you: mkdir /tmp/private/
         chmod 700 /tmp/private
    me:  mkdir /tmp/other
         chmod 777 /tmp/other
         mv /tmp/other /tmp/private
    you: write stuff to /tmp/private thinking it's private
Of course, this can be done in more subtle and clever ways, but this
is the essence of the attack.
Moreover, by doing a chmod -R 777, this means, for example, that
everyone can read and write to your ssh-agent's socket.
jeff@asterix:jeff $ env |grep SSH
SSH_AGENT_PID=24442
SSH_AUTH_SOCK=/tmp/ssh-xziUW24393/agent.24393
jeff@asterix:jeff $
and other things like this that are supposed to be private.
That's why /tmp has the funky mod bits and why some things in /tmp
aren't world readable/writable.
--
Jeff
Jeff Abrahamson <http://www.purple.com/jeff/> +1 215/837-2287
GPG fingerprint: 1A1A BA95 D082 A558 A276 63C6 16BF 8C4C 0D1D AE4B
___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug
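An added example, not part of Jeff's message or the list archive: a small POSIX shell audit that checks the two conditions the reply describes, namely that a shared temporary directory still carries its sticky bit (mode 1777) and that nothing which should be private, such as an ssh-agent socket directory, has become world-writable. It builds its own scratch tree with mktemp instead of touching the real /tmp; the ssh-xziUW24393/agent.24393 names are modelled on the SSH_AUTH_SOCK value quoted above, with a regular file standing in for the socket. It relies on GNU stat and find (Linux).

```shell
#!/bin/sh
# Added example, not from the original thread. Audits a shared temp directory
# for the problems described in the reply. Uses GNU stat/find. Everything is
# constructed under a mktemp scratch directory; the real /tmp is never touched.

# tmp_mode_ok DIR: succeed only if DIR is world-writable AND has the sticky bit
# (1777, or 3777/5777/7777 when setgid/setuid are also set). Without the sticky
# bit any user can rename or delete entries that other users created in DIR.
tmp_mode_ok() {
    mode=$(stat -c '%a' "$1") || return 2    # GNU stat: e.g. "1777" or "777"
    case "$mode" in
        1777|3777|5777|7777) return 0 ;;
        *) return 1 ;;
    esac
}

# find_exposed DIR: list entries that should be private but are world-writable:
# any socket, plus anything under an ssh-* directory (where ssh-agent keeps its
# socket). Legitimately shared scratch files elsewhere are not reported.
find_exposed() {
    find "$1" -mindepth 1 -perm -0002 \( -type s -o -path "$1/ssh-*" \) 2>/dev/null
}

count_exposed() {
    find_exposed "$1" | wc -l | tr -d ' '
}

# restore_tmp_mode DIR: the correct repair for the directory itself. Note the
# leading 1 and the absence of -R: the contents keep the modes their owners chose.
restore_tmp_mode() {
    chmod 1777 "$1"
}

# build_scratch: construct a miniature /tmp containing a private ssh-agent
# directory, a private working directory and one deliberately shared file.
# Prints the scratch path.
build_scratch() {
    d=$(mktemp -d) || return 1
    chmod 1777 "$d"
    mkdir -m 700 "$d/ssh-xziUW24393"
    touch "$d/ssh-xziUW24393/agent.24393"        # stand-in for the agent socket
    chmod 600 "$d/ssh-xziUW24393/agent.24393"
    mkdir -m 700 "$d/private"
    touch "$d/private/notes"
    chmod 600 "$d/private/notes"
    touch "$d/shared.txt"                          # world-writable on purpose
    chmod 666 "$d/shared.txt"
    printf '%s\n' "$d"
}

report() {
    printf '%s: sticky ok? %s, exposed=%s\n' "$1" \
        "$(tmp_mode_ok "$2" && echo yes || echo no)" "$(count_exposed "$2")"
}

# Walk through the thread's scenario on the constructed tree.
demo() {
    d=$(build_scratch)
    report "fresh tree" "$d"
    chmod -R 777 "$d"             # the repair from the quoted message
    report "after chmod -R 777" "$d"
    restore_tmp_mode "$d"         # fixes the directory, not its contents
    report "after chmod 1777" "$d"
    find_exposed "$d"
    rm -rf "$d"
}

demo
```

With a three-digit numeric mode such as 777, GNU chmod clears the sticky bit on a directory, so the recursive repair in the quoted message leaves /tmp without the protection the scenario above depends on; the audit reports that, and also shows that putting 1777 back on the directory does nothing for the agent directory and socket that -R already opened up, which have to be fixed by their owner (or recreated by restarting the agent).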