Dennis Peterson wrote:
> David F. Skoll wrote:
> > Bowie Bailey wrote:
> >
> > > Then this may be something that could use some explanation.
> >
> > > Exactly what temp dir setting are you referring to and why should
> > > it be changed?
> >
> > Many (but not all) UNIX programs respect an environment variable
> > called TMPDIR that specifies a directory in which to place temporary
> > files. This lets you place temporary files in a non-world-writable
> > directory. World-writable temporary directories are problematic
> > because attackers can precreate symlinks in them and trick unwary
> > programs into overwriting important files.
>
> Just to expand the conversation:
>
> The clamd.conf file also offers a tmpdir option. I'm using a
> directory created specifically for, owned and set ro by the clamav
> user. The clamscan program requires you set this at the command line.
> Setting a system wide TMPDIR is probably a bad idea - or at least
> will not likely correct the problem. It needs to be done on a case by
> case basis using shell wrappers which is why it is seldom done.
>
> The default of /tmp is nice because it is also often a ram-based
> pseudo drive and so faster, but also vulnerable to broken processes
> that have the potential to leave multiple blobs there but has also
> provided for tempfile games.
That makes sense and is something I had not previously considered. It also
has the advantage of being easy to configure (for ClamAV, anyway). So excuse
me while I go update my configs... :)

--
Bowie

_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html
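The symlink trick Skoll describes and the dedicated-directory fix Dennis uses, as an added example that is not part of the original thread or of ClamAV itself: a POSIX sh script that builds a miniature world-writable tmp under a scratch directory (SANDBOX, an assumption), plants the attacker's symlink under a predictable name, shows an unwary write clobbering the target file, and then the hardened pattern (a private mode-0700 directory exported as TMPDIR, plus mktemp for an unpredictable, O_EXCL-created name). The clamd.conf directive TemporaryDirectory and the clamscan --tempdir option named in the comments are ClamAV's real names for what the thread calls the tmpdir option; the directory paths given with them are placeholders. Everything runs as one unprivileged user and never touches the real /tmp or /etc.

```shell
#!/bin/sh
# Added example, not from the clamav-users thread. Everything happens under
# a scratch directory (SANDBOX, an assumption) so it runs without root and
# never touches the real /tmp or /etc.
#
# The production equivalents of hardened_write below are:
#   clamd.conf:  TemporaryDirectory /var/lib/clamav/tmp   (path is a placeholder)
#   clamscan:    clamscan --tempdir=/var/lib/clamav/tmp ...
# with the directory owned by the clamav user and chmod 700.

SANDBOX="${SANDBOX:-$(mktemp -d)}"

# Miniature world-writable (sticky, 1777) tmp plus a stand-in for a file the
# attacker wants overwritten (constructed content, playing the role of e.g.
# /etc/passwd). The attacker, who can guess the predictable name scan.tmp,
# plants a symlink pointing at that file before the victim runs.
setup_sandbox() {
    mkdir -p "$SANDBOX/tmp" "$SANDBOX/etc" || return 1
    chmod 1777 "$SANDBOX/tmp" || return 1
    printf 'root:x:0:0:root:/root:/bin/sh\n' > "$SANDBOX/etc/important"
    ln -sf "$SANDBOX/etc/important" "$SANDBOX/tmp/scan.tmp"
}

# Unwary program: opens a predictable name in the shared directory with
# O_WRONLY|O_CREAT|O_TRUNC (what '>' does). The kernel follows the symlink,
# so the write lands in etc/important instead of in a fresh temp file.
unwary_write() {
    printf 'scanner scratch data\n' > "$SANDBOX/tmp/scan.tmp"
}

# Hardened program: a private directory nobody else can write to, exported
# as TMPDIR for child processes that honour it, and mktemp(1) to create an
# unpredictably named file with O_EXCL. Nobody else can precreate a symlink
# in that directory, so there is nothing to follow. Prints the file's path.
hardened_write() {
    mkdir -p "$SANDBOX/clamav-tmp" || return 1
    chmod 700 "$SANDBOX/clamav-tmp" || return 1
    TMPDIR="$SANDBOX/clamav-tmp"
    export TMPDIR
    f=$(mktemp "$TMPDIR/scan.XXXXXX") || return 1
    printf 'scanner scratch data\n' > "$f" || return 1
    printf '%s\n' "$f"
}

# Exit 0 while the stand-in important file still has its original content.
important_intact() {
    grep -q '^root:x:0:0:' "$SANDBOX/etc/important"
}

cleanup_sandbox() {
    rm -rf "$SANDBOX"
}
```

Run setup_sandbox, then unwary_write, and important_intact fails: the scratch data has replaced the file the symlink pointed at. Run setup_sandbox again followed by hardened_write and important_intact still succeeds, with the scratch file sitting under clamav-tmp. The demo uses a single user on purpose: on Linux with fs.protected_symlinks enabled, a symlink in a sticky world-writable directory is not followed when its owner differs from both the caller and the directory owner, which blunts the cross-user version of this attack. Treat that as a mitigation, not as a reason to keep a shared directory; a private TMPDIR removes the attacker's ability to plant anything at all.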