make symlink attacks and other /tmp based attacks harder or impossible using libpam-tmpdir

So let’s install https://packages.debian.org/buster/libpam-tmpdir by default?

automatic per-user temporary directories

Many programs use $TMPDIR for storing temporary files. Not all of them are good at securing the permissions of those files. libpam-tmpdir sets $TMPDIR and $TMP for PAM sessions and sets the permissions quite tight. This helps system security by having an extra layer of security, making such symlink attacks and other /tmp based attacks harder or impossible.


I’m not entirely sure how that works or how it would help. Don’t most programs just use /tmp?

Doesn’t seem to install properly for me.


Most programs use mktemp, I think, I hope? Or some sort of API around it? They are not supposed to have their own logic of creating a temp folder. That is supposed to be abstracted and secure.

As far as I understand libpam-tmpdir attempts to make this process more secure by adding per-user temp folder separation.

It sets environment variables TMP and TEMP to /tmp/user/<userid>. These will then be private temp folders.

Not sure that is really needed but might be since systemd also has an instance PrivateTmp=true?








Unfortunately it seems to be incompatible with some Debian packaging tools? Perhaps since this package is rather unpopular? Examples:

dpkg-deb: building package 'pbuilder-satisfydepends-dummy' in '/tmp/satisfydepends-aptitude/pbuilder-satisfydepends-dummy.deb'.
dpkg-deb: error: failed to make temporary file (control member): No such file or directory
E: pbuilder-satisfydepends failed.

Happening during 1100_prepare-build-machine cowbuilder --create. Perhaps since environment variables user vs root do not match in chroot. Unsetting the TMP / TEMP environment variables and/or installing libpam-tmpdir in chroot does not solve this issue either.

+ /usr/lib/security-misc/apt-get-wrapper -o Acquire::http::Proxy= -o Acquire::https::Proxy= -o Acquire::tor::Proxy= -o Acquire::Languages=none -o Acquire::IndexTargets::deb::Contents-deb::DefaultEnabled=false -o Acquire::Retries=3 -o Acquire::BlockDotOnion=false update
+ set -e
+ set -o pipefail
+ set -o errtrace
++ mktemp --directory
mktemp: failed to create directory via template '/tmp/user/0/tmp.XXXXXXXXXX': No such file or directory
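
The mktemp error above shows a template under /tmp/user/0, a directory that does not exist where the command runs. As an added example (not code from this thread, libpam-tmpdir or security-misc; the function names usable_tmpdir and make_private_tmp are hypothetical), a script can validate the inherited $TMPDIR before passing it to mktemp:

```shell
#!/bin/sh
# Added example: validate an inherited per-user temp directory before use.
# usable_tmpdir and make_private_tmp are hypothetical helper names.

# Succeed only if $1 is a real directory (not a symlink), owned by the
# current user, writable, and not writable by group or others.
usable_tmpdir() {
    dir=$1
    [ -n "$dir" ] || return 1
    [ -d "$dir" ] && [ ! -L "$dir" ] || return 1
    [ -O "$dir" ] && [ -w "$dir" ] || return 1
    # The first field of `ls -ld` is the mode string, e.g. drwx------
    mode=$(ls -ld "$dir") || return 1
    case $mode in
        d????-??-?*) return 0 ;;   # group and other write bits are clear
        *) return 1 ;;
    esac
}

# Print the path of a new private directory. Uses $TMPDIR when it passes the
# checks above; otherwise falls back to /tmp, where mktemp -d still creates
# the directory atomically with mode 0700 and an unpredictable name.
make_private_tmp() {
    base=/tmp
    if usable_tmpdir "${TMPDIR:-}"; then
        base=$TMPDIR
    else
        [ -z "${TMPDIR:-}" ] || echo "warning: TMPDIR=$TMPDIR unusable, using /tmp" >&2
    fi
    mktemp -d "$base/tmp.XXXXXXXXXX"
}
```

The fallback covers the chroot case, where the variable is inherited but the directory it names was never created; a stricter script could exit with an error instead of falling back.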

Ohh. That makes sense. It would be good to install that by default then.

We should contact upstream about the errors.
