Polyinstantiated Temporary Directories
Summary
Polyinstantiate temporary directories per user to avoid the risks that come with insecure tempfile creation. Targeted directories are at least /tmp and /var/tmp, and maybe /dev/shm.
Owner
- Name: Your Name
- email: <your email address so we can contact you, invite you to meetings, etc.>
Current status
- Targeted release: Fedora 29
- Last updated: 2009-05-27
- Percentage of completion: XX%
Benefit to Fedora
It increases the security of the system: every user gets a private instance of the temporary directories, so the classic insecure-tempfile attacks (a predictable file name, a symlink planted in advance, a file created with loose permissions) can no longer be carried out by one local user against another, because users can only reach their own instance. It does not protect against code running as the same user or as root.
Scope
It has to be decided which directories should be polyinstantiated, and a configuration for pam_namespace (/etc/security/namespace.conf plus a session entry in the relevant PAM service files) needs to be created. system-config-authentication should get support to enable, disable and configure this.
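The configuration that paragraph calls for, as an added example and not the feature's own code: a shell script with namespace.conf entries for the three directories, the instance-parent permissions pam_namespace insists on, the PAM session line, and a check of the result. The instance prefixes (/tmp-inst/, /var/tmp/tmp-inst/, /dev/shm/shm-inst/), the user method and the root,adm exclusion list are this example's choices; the file paths are parameters so the functions can be rehearsed on scratch copies before touching /etc.

```shell
#!/bin/sh
# Added example, not part of the feature page: enable pam_namespace for
# /tmp, /var/tmp and /dev/shm. File locations are parameters (the defaults
# named in the comments are the real Fedora paths) so the functions can be
# rehearsed on scratch copies; the instance prefixes are this example's choice.
set -eu

# namespace.conf line format: polydir instance_prefix method excluded_users
#   user            one instance per user name, no SELinux required
#   context/level   one instance per SELinux context / MLS level
# root and adm are excluded and keep the real directory, so an administrator
# can still see and clean up every user's files. ROOT is empty on a real
# system; set it to a scratch directory to rehearse without touching /.
write_namespace_conf() {
  local conf root
  conf=$1; root=${2:-}
  {
    printf '# polydir\tinstance_prefix\tmethod\texcluded_users\n'
    printf '%s\t%s\tuser\troot,adm\n' \
      /tmp     "$root/tmp-inst/" \
      /var/tmp "$root/var/tmp/tmp-inst/" \
      /dev/shm "$root/dev/shm/shm-inst/"
  } > "$conf"
}

# Instance parents listed in CONF (second column, trailing slash dropped).
instance_parents() {
  grep -v '^[[:space:]]*#' "$1" | awk 'NF >= 3 { sub(/\/$/, "", $2); print $2 }'
}

# pam_namespace refuses an instance parent that is not owned by root with
# mode 0000; the mode keeps users from walking into each other's instances.
# (Run as root so mkdir yields root ownership.)
prepare_instance_parents() {
  local parent
  for parent in $(instance_parents "$1"); do
    mkdir -p "$parent"
    chmod 000 "$parent"
  done
}

# Load the module in a PAM service's session stack, once. Place it after
# "session required pam_selinux.so open" where that exists, so the instance
# is set up in the user's SELinux context. Edit the service files (login,
# sshd, gdm, su), not system-auth, which authconfig regenerates.
enable_pam_namespace() {
  if ! grep -q '^session[[:space:]].*pam_namespace\.so' "$1"; then
    printf 'session    required     pam_namespace.so\n' >> "$1"
  fi
}

# Check the result: every instance parent exists with mode 000 and the PAM
# service loads the module. Returns 1 and reports each problem on stderr.
check_setup() {
  local conf pamfile ok parent
  conf=$1; pamfile=$2; ok=0
  for parent in $(instance_parents "$conf"); do
    if [ "$(stat -c %a "$parent" 2>/dev/null)" != 0 ]; then
      echo "$parent: missing, or mode is not 000" >&2; ok=1
    fi
  done
  if ! grep -q '^session[[:space:]].*pam_namespace\.so' "$pamfile"; then
    echo "$pamfile: pam_namespace.so is not in the session stack" >&2; ok=1
  fi
  return $ok
}

# On the real system (as root):
#   write_namespace_conf /etc/security/namespace.conf
#   prepare_instance_parents /etc/security/namespace.conf
#   enable_pam_namespace /etc/pam.d/login      # and sshd, gdm, su, ...
#   check_setup /etc/security/namespace.conf /etc/pam.d/login
```

The chmod is not cosmetic: pam_namespace checks the instance parent and logs an error instead of mounting anything if it is not root-owned with mode 000. With SELinux enforcing, the policy must also allow polyinstantiation (the allow_polyinstantiation boolean in the targeted policy of that period; `getsebool -a | grep poly` shows the current name). The context and level methods require SELinux; user does not, which is why this example uses it.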
X creates its sockets in /tmp/.X11-unix/, which would better be created somewhere under /var/run. With a polyinstantiated /tmp this currently causes problems: the socket lives in the X server's view of /tmp, so a session whose /tmp is a different instance does not see it and cannot connect over the Unix socket. An ugly workaround is to synchronize these sockets somehow, as described in an IBM developerWorks article.
How To Test
Log in with two user accounts, create a file in each targeted directory as the first user, and try to access the files as the second user.
The second user should neither see nor be able to access the files the first user created in the targeted directories, while the first user still sees them. Users on the exclusion list in namespace.conf (root and adm in the usual configuration) see the real directory instead, so test with two ordinary accounts.
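The test above as a script, added here and not part of the feature page. It runs the commands as each user through su -, which goes through PAM and therefore through pam_namespace if the session stack loads it; the account names alice and bob are placeholders, and both must be ordinary users outside the namespace.conf exclusion list. Beyond the visibility check the page asks for, it compares the device and inode of the directory as each user sees it, which distinguishes a real private mount from a shared directory that merely happens to be empty.

```shell
#!/bin/sh
# Added example, not from the feature page: the two-user test as a script.
# Run as root on a machine with pam_namespace enabled; alice and bob are
# placeholder names for two ordinary accounts that are not on the exclusion
# list in namespace.conf.
set -eu

# How to execute a command as another user: 'su -' goes through /etc/pam.d/su,
# which on Fedora includes system-auth, so pam_namespace mounts the user's
# private instance before the command runs. The hook is a variable so the
# logic can be rehearsed without real accounts.
run_as_su() { su - "$1" -c "$2"; }
RUN_AS=${RUN_AS:-run_as_su}

# Does PATH exist from USER's point of view? Prints yes or no.
visible_to() { "$RUN_AS" "$1" "test -e '$2' && echo yes || echo no"; }

# Device:inode of DIR as seen by USER. Each polyinstantiated instance is a
# separate mount, so the pair differs between users with private instances.
mount_id_for() { "$RUN_AS" "$1" "stat -c '%d:%i' '$2'"; }

# check_isolation USER_A USER_B DIR: returns 0 if a file USER_A creates in
# DIR (with deliberately insecure 0666 permissions, the case the feature is
# meant to contain) is visible to USER_A but not to USER_B, and the two users
# see different mounts; 1 otherwise, with the details on stderr.
check_isolation() {
  a=$1; b=$2; dir=$3; marker="$3/polytest.$$"
  "$RUN_AS" "$a" "umask 000; : > '$marker'"
  seen_by_a=$(visible_to "$a" "$marker")
  seen_by_b=$(visible_to "$b" "$marker")
  "$RUN_AS" "$a" "rm -f '$marker'"
  id_a=$(mount_id_for "$a" "$dir")
  id_b=$(mount_id_for "$b" "$dir")
  if [ "$seen_by_a" = yes ] && [ "$seen_by_b" = no ] && [ "$id_a" != "$id_b" ]; then
    echo "$dir: isolated ($a sees $id_a, $b sees $id_b)"
    return 0
  fi
  echo "$dir: NOT isolated (marker visible to $a: $seen_by_a, to $b: $seen_by_b; mounts $id_a vs $id_b)" >&2
  return 1
}

# Usage (as root):  polycheck.sh alice bob
if [ $# -eq 2 ]; then
  rc=0
  for d in /tmp /var/tmp /dev/shm; do
    check_isolation "$1" "$2" "$d" || rc=1
  done
  exit $rc
fi
```

A directory that is not in namespace.conf, or a service whose PAM stack lacks the pam_namespace line, fails the mount comparison even when the marker happens to be invisible for another reason, which is the point of checking both.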
User Experience
Users will see different contents in the targeted directories, which may confuse them when they try to exchange files between two user accounts. On the other hand, they are protected in case they create a temporary file with insecure permissions or a guessable filename.