Summary: | amavisd-new wants to write to /tmp | | |
---|---|---|---|
Product: | Gentoo Linux | Reporter: | Stephen Tallowitz <dev> |
Component: | [OLD] Server | Assignee: | Antivirus Team <antivirus> |
Status: | RESOLVED INVALID | | |
Severity: | normal | CC: | net-mail+disabled |
Priority: | High | | |
Version: | unspecified | | |
Hardware: | x86 | | |
OS: | Linux | | |
Whiteboard: | | | |
Package list: | | Runtime testing required: | --- |
Description
Stephen Tallowitz
2004-04-16 16:50:02 UTC
Is /tmp writable by all? (mode 1777)

The point I'm trying to make is that I've done a standard installation of Gentoo and /tmp was not set to 777 before. I've now changed the mode of /tmp to 777 as a temporary workaround (see my first entry). I'm worried that setting /tmp to 777 is slightly insecure. Is it possible to tell Perl where to put its temporary files for a script? If so, one could then use the variable $TEMPBASE set in amavisd.conf as the temporary directory for all Perl-related tmp files of amavisd. Only the user amavisd could then access those temporary files, instead of letting any user on the system access the temporary files because they're in /tmp with permissions 777.

Not 777 ... 1777. The 1 is crucial for security, as it sets the sticky bit.

I've now set the permissions to 1777. I didn't know about the "sticky bit", which is the answer to my security-related worries. Still, there's this small question of whether 1777 is the default mode of the /tmp directory in a standard Gentoo installation (as it didn't seem to be in my case).

Yes, 1777 is the default mode of /tmp; you should have it from your stage[123] tarball.
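
The distinction the thread draws between 777 and 1777, as an added shell example that is not part of the original bug report: `check_shared_tmp` classifies a directory's mode, and `private_tmp` creates an owner-only directory of the kind the reporter asks about. Both function names and the `svc-tmp` prefix are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example (not from the bug report). Function names are hypothetical.

# check_shared_tmp DIR
# Prints one word describing DIR and returns non-zero only for the risky case:
#   sticky   world-writable with the sticky bit (1777-style): only a file's
#            owner, the directory owner or root may delete or rename an entry
#   unsafe   world-writable without the sticky bit (777-style): any local
#            user may delete or rename any other user's files
#   private  not world-writable
#   missing  DIR is not a directory
check_shared_tmp() {
    dir=$1
    if [ ! -d "$dir" ]; then
        echo missing
        return 2
    fi
    # -H follows a symlinked DIR, -prune stops find from descending,
    # -perm -0002 matches when the "other" write bit is set.
    if [ -z "$(find -H "$dir" -prune -perm -0002 -print 2>/dev/null)" ]; then
        echo private
        return 0
    fi
    # [ -k ] is true when the sticky bit (the leading 1 in 1777) is set.
    if [ -k "$dir" ]; then
        echo sticky
        return 0
    fi
    echo unsafe
    return 1
}

# private_tmp BASE
# Creates an owner-only (0700) scratch directory under BASE and prints its
# path. The "svc-tmp" prefix is a made-up name for this example.
private_tmp() {
    base=${1:-/tmp}
    d=$(mktemp -d "$base/svc-tmp.XXXXXX") || return 1
    chmod 0700 "$d"
    echo "$d"
}
```

Running `check_shared_tmp /tmp` on a correctly configured system prints `sticky`; a result of `unsafe` corresponds to the 777 workaround described above.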