ecryptfs-devel team mailing list archive

Thread
Date

Re: [PATCH] mount.ecryptfs_private/umount.ecryptfs_private counter

To: Michael Halcrow <mhalcrow@xxxxxxxxxx>
From: Dustin Kirkland <kirkland@xxxxxxxxxxxxx>
Date: Fri, 17 Oct 2008 09:57:57 -0500
Cc: ecryptfs-devel@xxxxxxxxxxxxxxxxxxx
In-reply-to: <20081017143608.GB7760@halcrowt61p.halcrow.us>
Organization: Canonical
Reply-to: kirkland@xxxxxxxxxxxxx

On Fri, 2008-10-17 at 09:36 -0500, Michael Halcrow wrote:
> On Fri, Oct 17, 2008 at 01:30:57AM -0500, Dustin Kirkland wrote:
> > +		asprintf(&f, "/tmp/%s-%s-%s", FSTYPE, u, PRIVATE_DIR) < 0
> 
> Because this file maintains system-level state information and is
> shared among multiple processes (with locking), I would prefer to see
> it somewhere under /var (e.g., /var/ecryptfs/).

I carefully considered /var/run/ecryptfs/, for the reasons you
mentioned, as well as the fact that /var/run is a ramfs in Ubuntu at
least.

However, filesystems under /var are usually usually not writable by
non-privileged users.

I could have moved the file reading/writing code into the setuid section
of the program, but that seemed unnecessary.

Rather, I set the umask appropriately such that the file would be owned
by the executing user and perm'd 700.

I also see a number of other, similar looking state files and
directories in my freshly booted /tmp:

        kirkland@t61p:~$ ls -alF /tmp/
        total 108
        drwxrwxrwt 13 root     root         300 2008-10-17 09:51 ./
        drwxr-xr-x 16 root     root       14260 2008-10-17 09:40 ../
        drwx------  2 kirkland kirkland      60 2008-10-17 09:31 .esd-1000/
        drwx------  2 kirkland kirkland      40 2008-10-17 09:31 .exchange-kirkland/
        drwxrwxrwt  2 root     root          60 2008-10-17 09:31 .ICE-unix/
        drwx------  2 kirkland kirkland     100 2008-10-17 09:31 keyring-06R4tk/
        drwx------  2 kirkland kirkland     680 2008-10-17 09:43 orbit-kirkland/
        drwx------  2 kirkland kirkland      40 2008-10-17 09:48 plugtmp/
        drwx------  2 kirkland kirkland      80 2008-10-17 09:31 pulse-kirkland/
        -r--------  1 kirkland kirkland 2097192 2008-10-17 09:31 pulse-shm-2443803503
        drwx------  2 kirkland kirkland      60 2008-10-17 09:31 seahorse-hCFW5G/
        drwx------  3 kirkland kirkland      80 2008-10-17 09:31 Tracker-kirkland.7414/
        drwx------  2 kirkland kirkland      40 2008-10-17 09:31 virtual-kirkland.K2QPDu/
        -r--r--r--  1 root     root          11 2008-10-17 09:03 .X0-lock
        drwxrwxrwt  2 root     root          60 2008-10-17 09:03 .X11-unix/




:-Dustin

Attachment: signature.asc
Description: This is a digitally signed message part

References

[PATCH] mount.ecryptfs_private/umount.ecryptfs_private counter
From: Dustin Kirkland, 2008-10-17