/tmp on same partition as /
Tom Trelvik
ttt at cwru.edu
Fri Feb 11 20:35:41 GMT 2005
Chad Morland wrote:
> In your opinion is having /tmp on the same partition as / really THAT
> bad in this case? I'm just wondering cause some people have mentioned
> that its a major security risk. Really, I don't think it is for what
> this box is doing.
It's obviously a much bigger security risk on a multiuser machine, but
even without that being the case, I'm assuming the machine will be
providing some sort of network service? Then it can still be a risk
worth taking into account.
One or more network services may be making use of /tmp, and if so an
unauthenticated external user could plausibly find ways to make those
services max out their usage of /tmp, possibly filling your root
partition in the process.
Even without worrying at all about malicious intent, /tmp on / makes it
very easily to *accidentally* fill your root partition, but'll still be
a pain for you to have to deal with it if that happens.
More seriously, a vulnerability could be found in one of those services
that could depend on files in /tmp being executable (which should never
be true). With a separate /tmp partition, you can easily have it
mounted with the noexec option for an added layer of security, so that
even if they create a malicious executable in /tmp, they won't be able
to execute it without moving it to another file system, which would
probably require they already have shell access, defeating the purpose.
Tom
More information about the freebsd-questions
mailing list