Jeff Abrahamson on 28 Dec 2004 16:38:22 -0000


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] what would cause the sticky bits to be set on files?


On Tue, Dec 28, 2004 at 10:48:21AM -0500, George Gallen wrote:
>   [29 lines, 142 words, 1095 characters]  Top characters: e_ntiola
> 
> we recently had some write issues on some of the files in /tmp,
> When I looked at them, both the sticky and other bit was set (rwt on
> ls for other).
> There were quite a few of them.
> 
> I corrected it with chmod -R 777 /tmp, that reset all the files fine.

You really, really didn't want to do that.

Lots of things use /tmp, so, as you noted, /tmp has to be 777.  But
here's what you don't want to happen:

    you:    mkdir /tmp/private/
	    chmod 700 /tmp/private

    me:	    mkdir /tmp/other
	    chmod 777 /tmp/other
	    mv /tmp/other /tmp/private

    you:    write stuff to /tmp/private thinking it's private

Of course, this can be done in more subtle and clever ways, but this
is the essence of the attack.

Moreover, by doing a chmod -R 777, this means, for example, that
everyone can read and write to your ssh-agent's socket.

    jeff@asterix:jeff $ env |grep SSH
    SSH_AGENT_PID=24442
    SSH_AUTH_SOCK=/tmp/ssh-xziUW24393/agent.24393
    jeff@asterix:jeff $

and other things like this that are supposed to be private.

That's why /tmp has the funky mod bits and why some things in /tmp
aren't world readable/writable.

-- 
 Jeff

 Jeff Abrahamson  <http://www.purple.com/jeff/>    +1 215/837-2287
 GPG fingerprint: 1A1A BA95 D082 A558 A276  63C6 16BF 8C4C 0D1D AE4B

Attachment: signature.asc
Description: Digital signature

___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug