Features/Polyinstantiated Temporary Directories

From FedoraProject

Latest revision as of 13:21, 29 May 2009

Feature Name

Polyinstantiated Temporary Directories

Summary

Polyinstantiate temporary directories per user to avoid the risks that come with insecure tempfile creation. Targeted directories are at least /tmp and /var/tmp, and maybe /dev/shm.

Owner

  • email: <your email address so we can contact you, invite you to meetings, etc.>

Current status

  • Targeted release: Fedora 21
  • Last updated: 2009-05-29
  • Percentage of completion: XX%


Detailed Description

pam_namespace can be used to bind mount a separate directory for each user over each targeted directory at login time. An example setup is deployed on the fedorapeople server.

Benefit to Fedora

It increases the security of a system: because users can only access their own temporary directories, attacks by other local users on insecurely created temporary files (guessable names, insecure permissions) are mitigated.

Scope

It has to be decided which directories should be polyinstantiated, and a configuration for pam_namespace needs to be created. system-config-authentication should get support to enable, disable and configure this.
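The pam_namespace configuration the Scope calls for, together with the setup steps around it, as an added example. It is not the feature page's, the pam package's or the fedorapeople server's configuration. The instance-prefix locations (/tmp-inst, /var/tmp/tmp-inst), the "user" method, and the PAM service files in PAM_SERVICES are this example's assumptions; the file format follows namespace.conf(5). Paths are taken under $ROOT so the script can be rehearsed against a scratch tree before it is run as root on the live system.

```shell
#!/bin/sh
# Added example for the feature page; not the page's, the pam package's or
# the fedorapeople server's configuration. Assumptions of this example: the
# instance-prefix locations (/tmp-inst, /var/tmp/tmp-inst), the "user"
# polyinstantiation method, and the PAM service files in PAM_SERVICES.
# The file format follows namespace.conf(5). All paths are taken under $ROOT
# (empty = the live system, which then needs root) so the script can be
# rehearsed against a scratch tree first.

ROOT="${ROOT:-}"
PAM_SERVICES="${PAM_SERVICES:-login sshd}"

# namespace.conf columns: polydir  instance_prefix  method  list_of_uids
#   "user"     instance dir = prefix + user name, e.g. /tmp-inst/alice;
#              "level" or "context" would also key on the SELinux label.
#   root,adm   users that are NOT polyinstantiated: root keeps the real
#              directories and can inspect every instance from there.
#   /dev/shm   is a tmpfs, so its instance parent would have to be recreated
#              on every boot before logins start; kept commented out here.
polydirs_conf() {
    cat <<'EOF'
/tmp        /tmp-inst/            user    root,adm
/var/tmp    /var/tmp/tmp-inst/    user    root,adm
#/dev/shm   /dev/shm/shm-inst/    user    root,adm
EOF
}

# Instance parents (column 2 of the active lines), one per line.
instance_parents() {
    polydirs_conf | awk '$1 !~ /^#/ { print $2 }'
}

setup_polyinstantiation() {
    conf="$ROOT/etc/security/namespace.conf"
    mkdir -p "${conf%/*}"
    polydirs_conf > "$conf"

    # Instance parents are mode 000 and root-owned (mkdir as root gives
    # root:root): a user must not be able to list other users' instances or
    # plant a directory under the name pam_namespace will use for someone
    # else. pam_namespace checks the parent for exactly this at session start.
    for p in $(instance_parents); do
        mkdir -p "$ROOT$p"
        chmod 000 "$ROOT$p"
        if [ -z "$ROOT" ] && command -v restorecon >/dev/null 2>&1; then
            restorecon "$p"        # keep the SELinux label policy expects
        fi
    done

    # Enable the module in the session stack of each login service. Fedora
    # ships this line in login, sshd, gdm and friends, after
    # "pam_selinux.so open" so instances are created in the session's SELinux
    # context; appending covers scratch trees and services that lack it.
    for svc in $PAM_SERVICES; do
        f="$ROOT/etc/pam.d/$svc"
        mkdir -p "${f%/*}"
        if ! grep -q 'pam_namespace\.so' "$f" 2>/dev/null; then
            printf 'session     required      pam_namespace.so\n' >> "$f"
        fi
    done
}

case "${1:-}" in
    apply) setup_polyinstantiation && echo "polyinstantiation configured under '${ROOT:-/}'" ;;
    *)     echo "usage: ROOT=/scratch/tree $0 apply   (ROOT unset = live system, run as root)" >&2 ;;
esac
```

Rehearse with ROOT=$(mktemp -d) sh setup-polyinst.sh apply and inspect the tree, then run it as root with ROOT unset. The instance is only set up for sessions that pass through a PAM service carrying the pam_namespace line; a quick test with su from a root shell goes through /etc/pam.d/su and will not show the separation unless that file includes the module too.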

Xserver

X creates its sockets in /tmp/.X11-unix/, which would better live somewhere under /var/run. With a polyinstantiated /tmp this currently causes problems: the X server and the user's session can end up with different instances of /tmp, so the socket X created is not where the session's clients look for it. An ugly workaround is to synchronize these sockets somehow, as described in an IBM developerWorks article (http://www.ibm.com/developerworks/linux/library/l-polyinstantiation/index.html).

Bug Report: #503181 - /tmp/.X11-unix /tmp/.X0-lock FHS violation / pam_namespace conflict

How To Test

Special Requirements

None

System Preparation

TBD

Testing Actions

Log in with two user accounts, create a file in each targeted directory as the first user, and try to access those files as the other user.

Expected Results

The second user should neither see nor be able to access the files created in the targeted directories.
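A check for the expected results above, and for the X socket conflict from the Xserver section, as an added example that is not the feature page's own test script. Run from inside each test login, it reports whether that session's /tmp, /var/tmp and /dev/shm are polyinstantiated, which instance directory backs each one, and whether the X socket for $DISPLAY is reachable from there. It assumes the field layout of /proc/self/mountinfo, an instance layout such as /tmp-inst/<user>, and the constructed sample mount table at the end (not captured from a real host).

```shell
#!/bin/sh
# Added example for the feature page's test procedure; not the page's own
# script. Run inside a login session: reports whether this session's /tmp,
# /var/tmp and /dev/shm are polyinstantiated, which instance directory backs
# each, and whether the X socket for $DISPLAY is visible from here.
# Assumed: the /proc/self/mountinfo field layout (id, parent, major:minor,
# root, mountpoint, ...), an instance layout such as /tmp-inst/<user>, and
# the constructed sample mount table at the end.

# Print the directory that backs MOUNTPOINT ($1) in the mount table FILE
# ($2, default: this process's own view). pam_namespace bind-mounts the
# instance over the polydir, so an instance appears as a mount whose "root"
# field is a subdirectory (/tmp-inst/alice). A filesystem mounted there
# directly has root "/", and no entry at all means a plain directory; both
# are the shared, non-polyinstantiated case, reported as exit 1.
polyinstance_of() {
    awk -v mp="$1" '
        $5 == mp { root = $4 }                  # last entry wins: topmost mount
        END { if (root == "" || root == "/") exit 1; print root }
    ' "${2:-/proc/self/mountinfo}"
}

# Map DISPLAY ($1) to the Unix socket X creates for it. Only local displays
# (":0", ":0.1", "unix:0") go through /tmp/.X11-unix; anything else is TCP
# and unaffected by what /tmp looks like, so exit 1.
display_socket_path() {
    host="${1%%:*}"
    num="${1#*:}"; num="${num%%.*}"
    case "$host" in
        ''|unix) ;;
        *) return 1 ;;
    esac
    [ -n "$num" ] && [ "$num" = "${num#*[!0-9]}" ] || return 1
    echo "/tmp/.X11-unix/X$num"
}

# 0: the socket for DISPLAY ($1) is reachable from this session,
# 1: it is not (X put it in a different instance of /tmp, or is not running),
# 2: not a local display, so /tmp does not matter.
x11_socket_visible() {
    sock=$(display_socket_path "$1") || return 2
    [ -S "$sock" ]
}

session_report() {
    for d in /tmp /var/tmp /dev/shm; do
        if inst=$(polyinstance_of "$d"); then
            echo "$d: polyinstantiated, backed by $inst"
        else
            echo "$d: shared (not polyinstantiated in this session)"
        fi
    done
    [ -n "${DISPLAY:-}" ] || return 0
    rc=0; x11_socket_visible "$DISPLAY" || rc=$?
    case $rc in
        0) echo "DISPLAY=$DISPLAY: $(display_socket_path "$DISPLAY") is visible" ;;
        1) echo "DISPLAY=$DISPLAY: $(display_socket_path "$DISPLAY") is NOT visible here;" \
                "X's socket lives in another instance of /tmp (the pam_namespace conflict)" ;;
        *) echo "DISPLAY=$DISPLAY: not a Unix-socket display, /tmp is irrelevant" ;;
    esac
}

# Constructed mount table (not from a real host): alice's /tmp and /var/tmp
# are instances, /dev/shm is still the shared tmpfs (root "/").
sample_mountinfo() {
    cat <<'EOF'
22 1 8:1 / / rw,relatime - ext4 /dev/sda1 rw
25 22 0:18 / /dev/shm rw,nosuid,nodev - tmpfs tmpfs rw
40 22 8:1 /tmp-inst/alice /tmp rw,relatime - ext4 /dev/sda1 rw
41 22 8:1 /var/tmp/tmp-inst/alice /var/tmp rw,relatime - ext4 /dev/sda1 rw
EOF
}

session_report
```

Both test logins should report /tmp backed by their own instance directory; the first user's file does not show up for the second because the second session's /tmp is a different directory altogether, not merely one with stricter permissions. A login that namespace.conf exempts (root, typically) reports the shared /tmp and can inspect every instance under the instance parent. A session that prints "NOT visible" for its DISPLAY is showing the X server conflict described in the Xserver section.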

User Experience

Users will see different contents in the targeted directories, which may confuse them when they try to exchange files between two user accounts. On the other hand, they are protected if they create a temporary file with insecure permissions or a guessable filename.

Dependencies

Contingency Plan

Documentation

Release Notes

Comments and Discussion