From: david
Subject: Re: [Texmacs-dev] Re: [Bug #1789] temporary files are created in an insecure way
Date: Tue, 25 Feb 2003 17:00:41 +0100
User-agent: Mutt/1.4i

On Tue, Feb 25, 2003 at 03:30:38PM +0100, Joris van der Hoeven wrote:
> 
> Maybe that this is indeed a good idea: creating a directory
> ~/.TeXmacs/system/tmp for all temporary files and give this
> directory very restrictive permissions. We might even give
> restrictive permissions to the whole ~/.TeXmacs directory.

That does make some kind of sense... obviously we do not want TeXmacs
to run scheme files, package files with 'extern' primitives or TeX
commands whose names are stored in world-writable documents...

I do not think that anybody is currently using a collaborative
development process for TeXmacs customizations, so restricting write
access on files and directories in ~/.TeXmacs should not be harmful.

However, I do not think that restricting read access or 'directory
execution' privilege would be a good thing. If I were on a network, I
would like my co-workers to freely peek in my customizations.

Also, I made ~/.TeXmacs/texts a symlink to '.' (actually
"~/.TeXmacs/") because I do not use that location to store actual
files and it makes it easier for me to access other subdirs of
~/.TeXmacs.

The only good reason I see not to put temporary files in "~/.TeXmacs"
is that on big systems, the admin will typically tune the filesystems
of /home and of /tmp differently. Also, using /tmp ensures that
garbage is periodically cleaned by the system.

By the way, it seems that TeXmacs already uses ~/.TeXmacs as a
repository for temporary files, mostly cached stuff. I hate that kind
of thing. Storing cache in $HOME (as Navigator does) causes backup
tools to copy a lot of junk if they are not configured specifically to
avoid that.

The rule is "use home for user-specific documents, tools and
configuration", not for application-specific cruft.

However, I find no reason (except for potential portability issues) not
to use mkdtemp to create a private directory in /tmp.

There are indeed some situations when being unsafe in a private
directory is bad (mostly, that involves running setuid). But short of
tremendously unsafe user practice, I cannot see how that can apply to
TeXmacs.


> In fact: why are temporary files so special? As far as I can see
> the security issues would be similarly important for all files
> which we might wish to create...

That is a very good question, indeed...

IANASE (I Am Not A Security Expert) but I guess the issue is twofold:

  -- temporary files ought not be created in $HOME where things are
     safer.

     Actually, some sysadmins create one directory /tmp/$USER
     for each user (with additional NFS trickery), so they get the
     security of files created in $HOME for every tool and they get
     temp files to be created in the right filesystem.

  -- temporary files are processed in a completely automated way. That
     automatic processing makes it possible to use brute force attacks
     when the created file name is predictable. Also, their content is
     trusted (well, the software just created it, so it assumes the
     contents are safe). The point is that files which are trusted
     without user intervention must be *really* safe.

     No software can prevent unsafe user practice from causing security
     breaches, but software must avoid unsafe practices, esp. in
     things which happen behind the scenes without the user knowing.

     Unsafe temporary file handling is *not* a breach by itself, but
     it is unsafe practice.


-- Bottom line --

I think the right solution for TeXmacs is using mkdtemp to create a
private directory in /tmp and have an exit handler clear it. For
debugging purposes it might be useful to have an option to disable the
exit handler.

For additional safety we may check that all files and directories in
.TeXmacs are only writable by the user, and refuse to run otherwise.


Hope this helps.

-- 
David Allouche         | GNU TeXmacs -- Writing is a pleasure
Free software engineer |    http://www.texmacs.org
   http://ddaa.net     |    http://alqua.com/tmresources
   address@hidden  |    address@hidden
TeXmacs is NOT a LaTeX front-end and is unrelated to emacs.
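The two measures proposed in the "Bottom line" above (a private mkdtemp directory removed by an exit handler, and a refusal to run when anything under ~/.TeXmacs is writable by someone other than the user) are shown together below as an added example. It is not TeXmacs code and not part of the original message; the directory name template "texmacs-XXXXXX", the environment variable TEXMACS_KEEP_TMPDIR used as the "disable the exit handler" debugging switch, and the reading of "only writable by the user" as "owned by the calling uid with no group or other write bit" are all assumptions made here. Because the message mentions a ~/.TeXmacs/texts symlink pointing back at ~/.TeXmacs, the permission walk uses lstat() and never descends through symlinks, which keeps it from looping.

```c
/* Added example (not TeXmacs code): a private mkdtemp() directory cleared by
 * an exit handler, plus a check that a configuration tree is writable only
 * by its owner. Names like TEXMACS_KEEP_TMPDIR are hypothetical. */
#define _XOPEN_SOURCE 700
#include <dirent.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

static char g_tmpdir[PATH_MAX];   /* "" until make_private_tmpdir() succeeds */

/* Delete a tree. lstat() means symlinks are unlinked, never followed. */
static int remove_tree(const char *path)
{
    struct stat st;
    if (lstat(path, &st) != 0) return -1;
    if (!S_ISDIR(st.st_mode)) return unlink(path);
    DIR *d = opendir(path);
    if (d == NULL) return -1;
    struct dirent *e;
    while ((e = readdir(d)) != NULL) {
        if (strcmp(e->d_name, ".") == 0 || strcmp(e->d_name, "..") == 0) continue;
        char child[PATH_MAX];
        snprintf(child, sizeof child, "%s/%s", path, e->d_name);
        if (remove_tree(child) != 0) { closedir(d); return -1; }
    }
    closedir(d);
    return rmdir(path);
}

static void cleanup_tmpdir(void)
{
    if (g_tmpdir[0] != '\0') { remove_tree(g_tmpdir); g_tmpdir[0] = '\0'; }
}

/* Create (once) a mode-0700 directory with an unpredictable name under
 * $TMPDIR or /tmp. mkdtemp() creates it atomically, so nobody can plant a
 * symlink or file there first. Returns the path, or NULL on failure. */
const char *make_private_tmpdir(void)
{
    if (g_tmpdir[0] != '\0') return g_tmpdir;
    const char *base = getenv("TMPDIR");
    if (base == NULL || base[0] == '\0') base = "/tmp";
    int n = snprintf(g_tmpdir, sizeof g_tmpdir, "%s/texmacs-XXXXXX", base);
    if (n < 0 || (size_t)n >= sizeof g_tmpdir || mkdtemp(g_tmpdir) == NULL) {
        g_tmpdir[0] = '\0';
        return NULL;
    }
    /* Hypothetical debug switch: leave the directory in place at exit. */
    if (getenv("TEXMACS_KEEP_TMPDIR") == NULL) atexit(cleanup_tmpdir);
    return g_tmpdir;
}

/* Count entries under `path` (itself included) that are group- or
 * world-writable or not owned by the calling user; -1 on error. Symlinks are
 * examined with lstat() and never descended into (a link such as
 * ~/.TeXmacs/texts -> . would otherwise loop); their 0777 bits are ignored. */
int count_unsafe_entries(const char *path)
{
    struct stat st;
    if (lstat(path, &st) != 0) return -1;
    int bad = 0;
    if (!S_ISLNK(st.st_mode) &&
        (st.st_uid != getuid() || (st.st_mode & (S_IWGRP | S_IWOTH)) != 0))
        bad = 1;
    if (!S_ISDIR(st.st_mode)) return bad;
    DIR *d = opendir(path);
    if (d == NULL) return -1;
    struct dirent *e;
    while ((e = readdir(d)) != NULL) {
        if (strcmp(e->d_name, ".") == 0 || strcmp(e->d_name, "..") == 0) continue;
        char child[PATH_MAX];
        snprintf(child, sizeof child, "%s/%s", path, e->d_name);
        int r = count_unsafe_entries(child);
        if (r < 0) { closedir(d); return -1; }
        bad += r;
    }
    closedir(d);
    return bad;
}

int main(void)
{
    const char *home = getenv("HOME");
    char cfg[PATH_MAX];
    snprintf(cfg, sizeof cfg, "%s/.TeXmacs", home ? home : ".");
    int bad = count_unsafe_entries(cfg);   /* -1 (no such dir) is not refused */
    if (bad > 0) {
        fprintf(stderr, "%s: %d entries writable by others, refusing to run\n", cfg, bad);
        return 1;
    }
    const char *tmp = make_private_tmpdir();
    if (tmp == NULL) { perror("mkdtemp"); return 1; }
    printf("private temp dir: %s\n", tmp);
    return 0;   /* the atexit handler removes the directory */
}
```

Running the program with TEXMACS_KEEP_TMPDIR set leaves the directory behind for inspection; without it, the directory and everything in it are removed when the process exits normally (a crash or kill -9 skips atexit handlers, which is one reason the author prefers /tmp, where the system sweeps leftovers).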