(Change Proposal ready for 2015-01-28 FESCo meeting (#1403))
(Change rejected on 2015-01-28 FESCo meeting)
|Line 57:||Line 57:|
== Release Notes ==
== Release Notes ==
Latest revision as of 15:32, 29 January 2015
Enable Polyinstantiated /tmp and /var/tmp directories by default
Polyinstantiation of temperary directories is a pro-active security measure, which reduced chances of attacks caused due to the /tmp and /var/tmp directories being world-writable. These include flaws caused by predictive temp. file names, race conditions due to symbolic links etc.
- Name: Huzaifa Sidhpurwala
- Email: email@example.com
- Targeted release: Fedora 22
- Last updated: 05-09-2014
The basic idea is to provide better security to Fedora installs. Though Polyinstantiated /tmp has worked since Fedora 19, its not a single step process to configure it. Secondly people don't really understand its benefits. Because of this having it on by default makes more sense. It is completely transparent to the user, they wont even realize that it has been enabled.
The Red Hat Product Security Team assigns CWE ids to severe flaws (CVSSv2 > 7). Here is a list of severe flaws caused by insecure tmp files
Benefit to Fedora
As mentioned earlier main benefit is to provide more security to the underlying platform with minimum changes.
- Proposal owners:
No work required to be done by proposal owner.
- Other developers:
- Add /tmp-inst and /var/tmp/tmp-inst to filesystem. (packagename: filesystem)
- Enable namespaces in /etc/security/namespace.conf (packagename: PAM)
- Enable proper selinux context and polyinstantiation_enabled boolean to be set (packagename: selinux-policy-targeted or selinux-policy)
- Release engineering: N/A
- Policies and guidelines: N/A
Everything should continue to work as normal after upgrade.
How To Test
- No special hardware is required.
- Install Fedora 22, with the changes incorporated in the above mentioned packages, create a non-root user, check if everything works as normal.
- Create another user, login as the second user, create some files in /tmp and see if the first user is able to see it.
- Repeat the above step for /var/tmp
No change is user experience, its is completely transparent to the user.
- Contingency mechanism: Poly tmp can be rolled back quite easily, by using the previous versions of packages which provides the old directory structures and old versions of the configuration files (poly tmp is just configuration and a few new directories). In releases earlier gnome-shell had issues with poly tmp, which now seems to be resolved. In any case, by Beta deadline if any blockers exists, we can easily remove this feature, by tagging previous versions of the affected packages, before the final spin.
- Contingency deadline: Beta freeze
- Blocks release? No