/tmp on same partition as /

Tom Trelvik ttt at cwru.edu
Fri Feb 11 20:35:41 GMT 2005

Chad Morland wrote:
> In your opinion is having /tmp on the same partition as / really THAT
> bad in this case? I'm just wondering cause some people have mentioned
> that its a major security risk. Really, I don't think it is for what
> this box is doing.

	It's obviously a much bigger security risk on a multiuser machine, but 
even without that being the case, I'm assuming the machine will be 
providing some sort of network service?  Then it can still be a risk 
worth taking into account.

	One or more network services may be making use of /tmp, and if so an 
unauthenticated external user could plausibly find ways to make those 
services max out their usage of /tmp, possibly filling your root 
partition in the process.

	Even without worrying at all about malicious intent, /tmp on / makes it 
very easily to *accidentally* fill your root partition, but'll still be 
a pain for you to have to deal with it if that happens.

	More seriously, a vulnerability could be found in one of those services 
that could depend on files in /tmp being executable (which should never 
be true).  With a separate /tmp partition, you can easily have it 
mounted with the noexec option for an added layer of security, so that 
even if they create a malicious executable in /tmp, they won't be able 
to execute it without moving it to another file system, which would 
probably require they already have shell access, defeating the purpose.


More information about the freebsd-questions mailing list