executable scripts in /tmp

Philip Ehrens pehrens at ligo.caltech.edu
Fri Oct 4 23:10:07 UTC 2002


Hi Pavel,

> Pavel Roskin wrote:
> > Hi, Philip!
> > 
> > > mc currently writes executable scripts into /tmp.
> > 
> > I'll fix it.  Added to src/TODO and committed.
> > 
> > > I think this is something that should generally be avoided.
> > 
> > I haven't heard that it should be avoided in general (apart from
> > portability to 20 years old UNIX without "#!" support).  Any references?
 
It seems that there are several rootkits out there that rely
on being able to execute files written to /tmp.  Sorry, no
specific references handy.
 
> > > On my pokey little server I have /tmp mounted noexec because
> > > I am paranoid.
> > 
> > OK, reliance on the ability to execute scripts seems unnecessary.
 
I agree.
 
> > > Why, since ~/.mc/tmp exists, and is used by mc anyway, doesn't
> > > mc just use ~/.mc/tmp for everything?
> > 
> > There is no reason whatsoever to believe that the home directory is less 
> > likely to be mounted noexec than /tmp.  Really paranoid sysadmins would 
> > make both noexec :-)
> > 
> > On the other hand, I've seen installations where the home directory is
> > mounted over NFS and shared between several machines.  That's not a good
> > choice for temporary files.
  
Quite right.  Should've thought of the NFS thing, since I beat my
head against it soundly all day long at work ;^)
 
Better to continue writing into /tmp, but no executable scripts there.
 
Phil
-- 
Phil Ehrens <pehrens at ligo.caltech.edu>| Fun stuff:
The LIGO Laboratory, MS 18-34         | http://www.ralphmag.org
California Institute of Technology    | http://www.yellow5.com
1200 East California Blvd.            | http://www.total.net/~fishnet/
Pasadena, CA 91125 USA                | http://slashdot.org
Phone:(626)395-8518 Fax:(626)793-9744 | http://kame56.homepage.com



More information about the mc-devel mailing list