Nobody/Anonymous - 2007-08-21

Logged In: NO

The following is a copy of dan's original post:

Daemons "Just say no to using /tmp"
Working on SELinux I get exposed to lots of daemon applications doing evil things. :^(

One of my crusades is to stop daemons from using /tmp. I think the problem here is two-fold,

  1. Inexperienced daemon writer decides he has some files that he wants to temporarily use. In userspace he uses /tmp, so why not just use it for his system application?
  2. Another reason daemon writers do this is to communicate with logged in users. He knows users can write to /tmp, so if he throws a socket or other file out there, there will be no problem communicating with the user.

Many attacks have happened because a careless application writer has written a daemon which writes files to /tmp while running as root.

Just enter "/tmp vulnerabilities" and google responds with 980,000 entries.

System applications creating and writing files/sockets in /tmp, also causes things like pam_namespace to not work well.
Pam_namespace, as I have written about before, can be used to isolate different users on the same system, giving each user his own /tmp. Finally, an issue that is dear to my heart: maintaining proper labeling on all these files being dumped into /tmp is a pain in the butt.

Daemon developers should follow these rules:

* /tmp is for users to store their stuff  not for daemons or any process that is started in the boot process.
* If a daemon wants to communicate with a user then he should do it via /var/run/DAEMON.  
* If you have a daemon that wants its temporarily files to survive a reboot. consider using /var/cache/DAEMON

I am even hoping to finally get X to stop using /tmp.

Maybe someday Kerberos ...

So if you have a daemon that uses /tmp please consider changing it to use a different directory.

Dan