SELinux Mailing List - NSA/CSS

Skip All Menus Skip Top Menu

Top Navigation Menus

Skip Research Menus

Research Menu

Research Security Enhanced Linux What's New Frequently Asked Questions Background Documents License Download Participating Mail List Archives Remaining Work Contributors Related Work Press Releases Information Assurance Research NIARL In-house Research Areas Mathematical Sciences Program Sabbaticals Computer & Information Sciences Research Technology Transfer Advanced Computing Advanced Mathematics Communications & Networking Information Processing Microelectronics Other Technologies Technology Fact Sheets Publications Related Links	Skip Search Box Searchbox SELinux Mailing List Re: [BUGTRAQ] Linux patches to solve /tmp race problem This message: [ Message body ] [ More options ] Related messages: [ Next message ] [ Previous message ] [ Next in thread ] [ Replies ] From: Magosányi Árpád <mag_at_bunuel.tii.matav.hu> Date: Sat, 21 Apr 2001 10:45:02 +0200 Hi! This is a good functionality. What about making a selinux-dependent version of it, which can include the TSID (or much better the label representation) in the pathname? It could be very useful for creating multilevel directories. A levelezõm azt hiszi, hogy Donaldson, Matthew a következõeket írta: > Hi all, > > I have recently developed some patches to the Linux 2.2 kernels which solve > the /tmp race problem without needing to define environment variables - > useful particularly for naive applications and scripts which dont use > TMPDIR and friends. > > The patch creates "dynamic" symlinks, which point to different paths > depending on the user accessing them (for example, including the UID in the > path name). Such a link can be placed instead of /tmp and/or /var/tmp, and > any other similar directories. More usefully, these links can be configured > to automatically create the directory they refer to if it does not exist. > > This means you can create a directory such as /tmp_files, for example, and > have the /tmp link automatically create user directories in it on demand. > Default permissions and ownership can be specified. > > The patches are available from http://www.datadeliverance.com in the Linux > Patches section, along with a full discussion of the issues involved. Your > comments on the scheme are invited. > > Cheers > > -Matthew > > -- > +--------------------------------------------------------------------------+ > \| Matthew Donaldson http://www.datadeliverance.com \| > \| Data Deliverance Pty. Ltd. Email: matthew@datadeliverance.com \| > \| 30 Musgrave Ave. Phone: +61 8 8265 7976 _ \| > \| Banksia Park Fax: +61 8 8265 0032 John / \/ \| > \| South Australia 5091 3:16 \_/\ \| > +--------------------------------------------------------------------------+ > -- GNU GPL: csak tiszta forrásból -- You have received this message because you are subscribed to the selinux list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message. Received on Sat 21 Apr 2001 - 05:01:59 EDT This message: [ Message body ] Next message: Christoph Hellwig: "Re: [BUGTRAQ] Linux patches to solve /tmp race problem" Previous message: Will Dye: "Re: security enhancements outside of flask model" Next in thread: Christoph Hellwig: "Re: [BUGTRAQ] Linux patches to solve /tmp race problem" Reply: Christoph Hellwig: "Re: [BUGTRAQ] Linux patches to solve /tmp race problem" Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]
	Date Posted: Jan 15, 2009 \| Last Modified: Jan 15, 2009 \| Last Reviewed: Jan 15, 2009

bottom