linux security - Mar 1998 - tmp files problem

Hi

  It seems that the problem is that you wish to make private
for the user, some files, which, for other purposes, should yet
remain possibly shared.

   This problem, for my own, is typically a resource-sharing
problem, and may be simply solved in a password-like way.
  That is, each temp file should be generated with a randomized
name.

  It has been said that this implies 1) modifying shell scripts,
2) that the programmer should be security-conscious.

That''s true. However if you want to make some files shared,
and others private, this involves building different flags
for each case ( shared or private ) for the system calls such
as open, so this needs to recompile all the programs.

  So you have the choice, but for my own I do believe the first
option ( random-generated temp files ), is preferable.

  For my own, I do think that application being built by
bad security-conscious programmer, will always fail, no matter
which tools you give to him for security purpose.

  Regard.

   Jean Ortolo

>   For my own, I do think that application being built by
> bad security-conscious programmer, will always fail, no matter
> which tools you give to him for security purpose.
This is a good point: much like the idea that you can write bad programs
in ANY language, even [insert your current favourite here].

In another guise, when I volunteer on an ambulance, personal safety is
controlled by training to cause changes in personal behavior [much like
the security changes required for the coder], as well as by physical
environmental controls to make the "default" actions safer.  The
latter,
like the proposals being made to change /tmp, are considered more
reliable precisely because people can always ignore their training.

Joe Yao				jsdy@tux.org - Joseph S. D. Yao