On Wednesday 21 December 2005 01:27, Gabor Gombas <[EMAIL PROTECTED]> wrote:
> On Tue, Dec 20, 2005 at 10:09:43PM +1000, Anthony Towns wrote:
> > The other aspect is that /var's the place for stuff that varies during
> > normal use; introducing some other place for the same thing is redundant
> > and thus more complex.
>
> The more I think about it, the usage of /run matches /tmp much better
> than /var. It is for _temporary_ storage until a better place becomes
> available.

Putting system directories under /tmp is a really bad idea; it opens possibilities of race condition attacks by unprivileged users against system processes. Generally for almost everything we should be looking to reduce usage of /tmp rather than increase it.

I think that the only time /tmp should be used is when a user of the system specifically requests that a file be stored there - then the user is making the choice and race conditions are difficult to exploit as an attacker usually doesn't know when a user is about to create a file or what the name will be.

--
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page