(Illustration by Gaich Muramatsu)
braam_at_cs.cmu.edu said:
| So you want a sticky bit on the directory. Not a bad idea - this is
| also quite desirable for email spool directories etc. This is one of
| the main problems of the AFS/Coda security model. Where it tries to
| diverge from Unix it runs into trouble in system directories like
| "mail", "/tmp" etc. where sticky bits are used. But it is pretty easy
| to change Coda a little bit and perfectly acceptable, to accommodate
| this.

For the mail case, deliver mail to the user's home directory (or have a
special per user `mail-volume' mounted).

For the /tmp case: Have a `sticky' ACL flag to allow users to create and
delete directories, without inheriting ACLs from the parent directory.

something like:

    $ cfs la /coda/tmp
    System:Administrators all
    System:AnyUser idlS
    $ mkdir /coda/tmp/jan_test
    $ cfs la /coda/tmp/jan_test
    jaharkes all

Now if anything is put in the directory, other people definitely cannot
remove the directory.

Wasn't there also something with security problems related to a hacker
placing a symlink in the /tmp directory so that programs creating temp
files would either destroy, or remove some vital information (like
/etc/passwd). And that most solutions against such an attack actually
first create a `secured' directory in /tmp, and put the temporary files
in there.

Jan

Received on 1999-04-29 14:01:42
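The "secured directory in /tmp" approach from the last paragraph of the message above, as an added example that is not part of the original post: an exclusive create refuses a pre-existing symlink at a predictable name, and temporary files then go into a private mode-0700 directory. The function names are illustrative and a throwaway directory stands in for /tmp.

```python
import os
import stat
import tempfile

def make_private_dir(base):
    """Create a fresh directory under `base` that only the caller can use."""
    # mkdtemp picks an unpredictable name and creates it with mode 0700;
    # it never reuses a name that already exists in the shared directory.
    path = tempfile.mkdtemp(prefix="jan_test.", dir=base)
    st = os.lstat(path)  # lstat: inspect the entry itself, never a link target
    if not stat.S_ISDIR(st.st_mode) or st.st_uid != os.geteuid():
        raise RuntimeError("unexpected type or owner: " + path)
    if stat.S_IMODE(st.st_mode) & 0o077:
        raise RuntimeError("directory is open to other users: " + path)
    return path

def create_temp_file(directory, name):
    """Create a new file, refusing any existing entry, symlinks included."""
    # O_CREAT|O_EXCL fails with EEXIST if the name exists, even as a symlink;
    # O_NOFOLLOW states the same intent explicitly.
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW
    return os.open(os.path.join(directory, name), flags, 0o600)

def demo():
    """Return (symlink_refused, target_intact, private_dir_mode)."""
    with tempfile.TemporaryDirectory() as shared:
        os.chmod(shared, 0o1777)  # constructed stand-in for a sticky /tmp
        target = os.path.join(shared, "vital")  # stand-in for a vital file
        with open(target, "w") as f:
            f.write("keep me\n")
        # Constructed state: a symlink already sits at the predictable name.
        os.symlink(target, os.path.join(shared, "prog.tmp"))
        try:
            os.close(create_temp_file(shared, "prog.tmp"))
            refused = False
        except OSError:
            refused = True
        private = make_private_dir(shared)
        fd = create_temp_file(private, "prog.tmp")  # same name, now safe
        os.write(fd, b"scratch\n")
        os.close(fd)
        with open(target) as f:
            intact = f.read() == "keep me\n"
        return refused, intact, stat.S_IMODE(os.lstat(private).st_mode)

if __name__ == "__main__":
    print(demo())
```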