Permissions on /tmp

Michael ODonnell michael.odonnell at comcast.net
Thu May 23 09:43:39 EDT 2013



> A subdir in /tmp can certainly have my ownership and permissions.
> And I guess they can't delete the directory because it isn't
> empty, but with permissions on the parent directory, can't they
> move it?

Picky, picky, picky.  Well, for completeness I suppose we should
mention the "deleted file" trick (not necessarily better than your
flock trick) where your app creates its secret-squirrel file in
/tmp and then deletes it while holding it open.  (This trick is
popular with malware, e.g. the Flash plugin.)

Your confederates can identify likely instances of your app using
ps and then verify by reading the secret-squirrel file via the
symlinked handle in /proc/$yourPIDhere/fd.  Since the file has
no directory entry it can't be deleted by friend or foe and only
those with appropriate privileges can access it as described,
and all traces vanish upon process termination.

Example:

  # echo HiMom > /tmp/SecretSquirrelFile

  # sleep 1000 < /tmp/SecretSquirrelFile &
  [2] 29570

  # rm      /tmp/SecretSquirrelFile

  # ls -laF /tmp/SecretSquirrelFile
  ls: cannot access /tmp/SecretSquirrelFile: No such file or directory

  # ls -laF /proc/$(pidof sleep)/fd
  total 0
  dr-x------ 2 mod mod  0 May 23 08:58 ./
  dr-xr-xr-x 8 mod mod  0 May 23 08:57 ../
  lr-x------ 1 mod mod 64 May 23 08:58 0 -> /tmp/SecretSquirrelFile (deleted)
  lrwx------ 1 mod mod 64 May 23 08:58 1 -> /dev/pts/0
  lrwx------ 1 mod mod 64 May 23 08:58 2 -> /dev/pts/0

  # readlink /proc/$(pidof sleep)/fd/0
  /tmp/SecretSquirrelFile (deleted)

  # cat /proc/$(pidof sleep)/fd/0
  HiMom
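
Seen from the detection side, the same /proc/PID/fd links let an administrator list every process that is holding an unlinked file open under /tmp. The script below is an added example, not part of the original post; the function name find_deleted_open and its tab-separated output are assumptions, and it expects Linux with a stat that supports -L and -c (GNU coreutils or BusyBox).

```sh
#!/bin/sh
# Added example: report processes holding open descriptors to files that have
# been unlinked from a directory (default /tmp), by walking /proc/<pid>/fd.

# find_deleted_open [DIR]
# Prints one tab-separated line per hit: pid, fd, command name, original path.
find_deleted_open() {
    dir=${1:-/tmp}
    dir=${dir%/}
    for fdlink in /proc/[0-9]*/fd/*; do
        # Links of other users' processes are unreadable without root, and
        # processes may exit mid-scan; skip anything readlink cannot resolve.
        target=$(readlink "$fdlink" 2>/dev/null) || continue
        case $target in
            "$dir"/*" (deleted)") ;;
            *) continue ;;
        esac
        # A live file can literally be named "foo (deleted)". An unlinked
        # inode has a link count of 0, so confirm with stat through the link.
        [ "$(stat -L -c %h "$fdlink" 2>/dev/null)" = 0 ] || continue
        pid=${fdlink#/proc/}
        pid=${pid%%/*}
        fd=${fdlink##*/}
        comm=$(cat "/proc/$pid/comm" 2>/dev/null) || comm='?'
        printf '%s\t%s\t%s\t%s\n' "$pid" "$fd" "$comm" "${target% (deleted)}"
    done
}

# Scan the directory given as the first argument, or /tmp when none is given.
find_deleted_open "${1:-/tmp}"
```

Run as root to see descriptors belonging to all users; an unprivileged run only covers the caller's own processes.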


