executable scripts in /tmp
Philip Ehrens
pehrens at ligo.caltech.edu
Fri Oct 4 23:10:07 UTC 2002

Hi Pavel,

> Pavel Roskin wrote:
> > Hi, Philip!
> >
> > > mc currently writes executable scripts into /tmp.
> >
> > I'll fix it. Added to src/TODO and committed.
> >
> > > I think this is something that should generally be avoided.
> >
> > I haven't heard that it should be avoided in general (apart from
> > portability to 20-year-old UNIX without "#!" support). Any references?

It seems that there are several rootkits out there that rely
on being able to execute files written to /tmp. Sorry, no
specific references handy.

> > > On my pokey little server I have /tmp mounted noexec because
> > > I am paranoid.
> >
> > OK, reliance on the ability to execute scripts seems unnecessary.

I agree.

> > > Why, since ~/.mc/tmp exists, and is used by mc anyway, doesn't
> > > mc just use ~/.mc/tmp for everything?
> >
> > There is no reason whatsoever to believe that the home directory is less
> > likely to be mounted noexec than /tmp. Really paranoid sysadmins would
> > make both noexec :-)
> >
> > On the other hand, I've seen installations where the home directory is
> > mounted over NFS and shared between several machines. That's not a good
> > choice for temporary files.

Quite right. Should've thought of the NFS thing, since I beat my
head against it soundly all day long at work ;^)

Better to continue writing into /tmp, but no executable scripts there.

Phil
--
Phil Ehrens <pehrens at ligo.caltech.edu>| Fun stuff:
The LIGO Laboratory, MS 18-34 | http://www.ralphmag.org
California Institute of Technology | http://www.yellow5.com
1200 East California Blvd. | http://www.total.net/~fishnet/
Pasadena, CA 91125 USA | http://slashdot.org
Phone:(626)395-8518 Fax:(626)793-9744 | http://kame56.homepage.com
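
The following is an added example, not part of the original message and not mc's code. It checks whether the filesystem holding a directory such as /tmp or ~/.mc/tmp is mounted noexec, and runs a temporary script by passing it to the interpreter instead of executing the file; the function names, the mcdemo file prefix and the sample mount table are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in /proc/mounts format (not taken from a real host).
SAMPLE_MOUNTS='/dev/sda1 / ext4 rw,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,noexec 0 0
/dev/sda3 /home ext4 rw,nosuid,nodev 0 0
server:/export/home /home/nfsuser nfs rw,noexec,vers=3 0 0'

# Print the mount options of the filesystem that holds path $1.
# $2 is mount-table text; it defaults to the live /proc/mounts (Linux).
mount_opts_for() {
    path=$1
    table=${2-$(cat /proc/mounts)}
    printf '%s\n' "$table" | awk -v p="$path" '
        {
            mp = $2
            # A mount point covers p if it equals p or is a parent directory of p.
            covers = (mp == "/" || p == mp || index(p, mp "/") == 1)
            # Longest match wins; on a tie the later line (mounted on top) wins.
            if (covers && length(mp) >= best) { best = length(mp); opts = $4 }
        }
        END { print opts }'
}

# Succeeds (exit 0) when the filesystem holding $1 is mounted noexec.
is_noexec() {
    case ",$(mount_opts_for "$@")," in
        *,noexec,*) return 0 ;;
        *) return 1 ;;
    esac
}

# Write $1 to a temporary file (created mode 0600 by mktemp) and run it by
# handing the file to sh. No execute bit is set and the kernel never exec()s
# the file, so this behaves the same on a noexec mount.
run_temp_script() {
    dir=${TMPDIR:-/tmp}
    script=$(mktemp "$dir/mcdemo.XXXXXX") || return 1
    printf '%s\n' "$1" > "$script"
    status=0
    sh "$script" || status=$?
    rm -f "$script"
    return "$status"
}
```

Calling `is_noexec /tmp` with no second argument checks the live mount table; the sample table also shows a home directory on NFS that is itself mounted noexec.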