From: Sven Vermeulen
To: gentoo-dev@gentoo.org
Date: Sat, 4 Jan 2003 10:23:01 +0100
Subject: Re: [gentoo-dev] /var/tmp world rwx?
Message-ID: <20030104092301.GA1335@Daikan.pandora.be>
In-Reply-To: <3E1611D7.5020400@seaplace.org>

On Fri, Jan 03, 2003 at 04:42:31PM -0600, Kevin N. Carpenter wrote:
> That broke emerge. The "noexec" option prevents any builds from
> working. That made me check one of my unmodified gentoo systems where I
> spotted that /var/tmp was world read/execute. That's a security problem.

Besides the other answers in this thread, you could use quotas so that any
user can use a maximum of 1 byte of space in /var/tmp, except for root of course.

And euh, don't use tmpfs for /var/tmp if you are not planning on having a
separate /var/tmp/portage. I know you know it, but perhaps other people that are
diagonally reading this thread don't :)

Wkr,
Sven Vermeulen

--
Fighting for peace is like fucking for virginity.