[sugar] secure /tmp and /var/tmp

Albert Cahalan acahalan
Wed Nov 7 12:06:21 EST 2007


For ages now, Linux has supported the features required to do
fully private (very secure) /tmp and /var/tmp directories.
It's time to use these features.

First, create a new namespace. As root, do this:

clone(NULL,NULL,CLONE_NEWNS,NULL); // use it like fork()

Next, bind-mount something appropriate onto /tmp and /var/tmp.
Note that /var/tmp ought to survive reboot, so it goes in nand.
Subject to proper error handling and fixes for races and such,
approximate shell commands might be:

mkdir /var/tmp/12345
mount --bind /var/tmp/12345 /var/tmp
mkdir -l /tmp
mount -t tmpfs -o mode=777 tmpfs /tmp
mount --bind /some-empty-dir /something-to-hide

...where "12345" is the UID, perhaps allocated as the PID of
the current (root) process plus 10000.

That's one less portability problem. $(SUGAR_ACTIVITY_ROOT)/tmp
can just go away.



More information about the Sugar-devel mailing list