openstack team mailing list archive

[Johannes Erdfelt <johannes@xxxxxxxxxxx>]

On Mon, Jul 02, 2012, Daniel P. Berrange <berrange@xxxxxxxxxx> wrote:
> In Fedora 18, /tmp is going to be a RAM filesystem, so we absolutely
> must not create any sizeable files on /tmp.
> 
> In addition from a security POV, we must aim to *never* use /tmp for
> anything at all
> 
>   http://danwalsh.livejournal.com/11467.html

I take exception to that. Saying *never* is incorrect.

You (and that blog post) say that we should *never* use /tmp for
security reasons, but don't go on to explain why using mkstemp or
mkdtemp is a security problem.

Even the glibc documentation says they are safe wrt to security issues:

http://www.gnu.org/software/libc/manual/html_node/Temporary-Files.html

> It would be good to do a thorough audit of the code to make sure
> nothing is using the tmpfile functions without explicitly specifying
> a directory path that is private to the OpenStack daemon in question.

Not using /tmp for large files is a good reason for practical reasons
(distributions moving to ramfs for /tmp).

But please don't start throwing around warnings that all uses of /tmp
are a security risk without backing that up.

JE