So the good news is VMware has a built-in updater, and, even better, the server it queries for update information is SSL/TLS enabled. The bad news is they are using Akamai with an insecure configuration:
A quick note: Akamai is a huge content delivery network (CDN) used by many vendors to deliver content and software updates to end customers. Some pretty insecure SSL and TLS configurations are supported by Akamai for the simple reason that there is still a lot of old software/clients out there which Akamai’s customers want to support. As you can see if you run the SSL Labs test against softwareupdate.vmware.com (https://www.ssllabs.com/ssltest/analyze.html?d=softwareupdate.vmware.com), the site uses an Akamai certificate:
Nothing wrong so far, but when you look at the SSL protocol versions that are supported, SSL 2.0 has been left enabled, and so have weak ciphers, including several 40-bit ones:
This makes an SSL downgrade attack trivial, since 40-bit keys can now be broken in near real time on even a moderately powerful computer with a GPU. With that, an attacker can man-in-the-middle your update session and tell the client that no updates are available (leaving you on an older version with known security issues), or potentially send you a malicious update. I haven’t looked at the guts of the VMware updater; for all I know they use additional protections such as cryptographically signing the update packages themselves. Let’s hope they do, because the channel the updates travel over is not very secure. The good news is that fixing this is easy: VMware just needs to make sure the updater supports TLS and secure ciphers (which, if they use an even moderately up-to-date library, won’t be a problem), and update their Akamai configuration to exclude SSL 2.0 and the weak ciphers.
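As an added example (my code, not VMware’s or Akamai’s), here is the client-side half of that fix in Python: the TLS context an updater should use, with the protocol floor and cipher list pinned so no downgrade to SSL 2.0 or to a 40-bit suite is possible whatever the CDN edge advertises, plus a check that flags export-grade and other weak suites in any cipher list shaped like ssl.SSLContext.get_ciphers() output. The legacy server offer at the bottom is a constructed sample, not the scan result from the post.

```python
import ssl

# Suite name fragments an update client should never offer or accept. "EXP"
# covers the export-grade 40-bit suites the SSL Labs scan in the post flags.
WEAK_MARKERS = ("EXP", "RC4", "DES", "NULL", "MD5", "ADH", "AECDH")
MIN_STRENGTH_BITS = 128


def hardened_update_context():
    """Client-side TLS context for an updater: the fix the post asks VMware for.

    create_default_context() already turns on certificate and hostname
    verification against the system CA store; the protocol floor and cipher
    string on top of that make a downgrade to SSL 2.0 or to a 40-bit suite
    impossible no matter what the server side advertises.
    """
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # Forward-secret AEAD suites only; the '!' entries are belt and braces.
    ctx.set_ciphers(
        "ECDHE+AESGCM:ECDHE+CHACHA20:DHE+AESGCM"
        ":!aNULL:!eNULL:!EXPORT:!RC4:!DES:!3DES:!MD5"
    )
    return ctx


def weak_ciphers(ciphers):
    """Names of suites that are export-grade or otherwise weak.

    `ciphers` has the shape of SSLContext.get_ciphers(): dicts with at least
    'name' and 'strength_bits'. The same check therefore runs both on our own
    context and on a hand-built list of what a scanned server offered.
    """
    bad = []
    for c in ciphers:
        name = c["name"].upper()
        if c["strength_bits"] < MIN_STRENGTH_BITS or any(m in name for m in WEAK_MARKERS):
            bad.append(c["name"])
    return bad


def context_is_hardened(ctx):
    """True if the context verifies the peer, refuses old protocols and offers no weak suite."""
    return (
        ctx.verify_mode == ssl.CERT_REQUIRED
        and ctx.check_hostname
        and ctx.minimum_version >= ssl.TLSVersion.TLSv1_2
        and not weak_ciphers(ctx.get_ciphers())
    )


# Constructed sample: the kind of list an SSL 2.0-era CDN edge advertised.
# The suite names are real OpenSSL names; the list itself is made up here.
LEGACY_SERVER_OFFER = [
    {"name": "EXP-RC4-MD5", "strength_bits": 40},
    {"name": "EXP-DES-CBC-SHA", "strength_bits": 40},
    {"name": "RC4-SHA", "strength_bits": 128},
    {"name": "AES128-SHA", "strength_bits": 128},
    {"name": "DHE-RSA-AES256-SHA", "strength_bits": 256},
]

if __name__ == "__main__":
    print("weak suites in the server's offer:", weak_ciphers(LEGACY_SERVER_OFFER))
    print("update client context is hardened:", context_is_hardened(hardened_update_context()))
```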
VMware update insecurity
April 16, 2013

SSD Failure modes
March 30, 2013
So everyone constantly talks about SSD failure modes and how they die suddenly with no warning and blah blah blah (honestly: everything dies, and sometimes the building burns down, so make sure you have off-site backups). But here is an interesting failure mode I found this week. I have two older Intel 80GB SSDs in a RAID 0 configuration I use for scratch space (e.g. unpacking the Linux kernel and grepping for stuff). But the RAID 0 array was suddenly very, very slow. Since I was retiring that machine anyway I had to wipe it, so I popped in the DBAN disk and started wiping all the drives. It said it would take 79 hours, which seemed a bit excessive:
That’s right, you may have missed it (I did the first time): there’s no “K” in the speed listing for the first SSD. It’s writing at 559240 BYTES/second, not kilobytes. The second drive is writing at a reasonable ~56.5 megabytes/sec, but the first one is writing at 0.53 megabytes/sec, about 100 times slower. This certainly explains why my RAID 0 was behaving so badly. The kicker is there are no write or read errors from that first drive, it’s just really, really slow. So I guess the lesson to be learned is that you should check whether your RAID card/software can give you per-drive statistics, or periodically read/write test your SSDs individually if things start behaving oddly.
Make Money Fast with BitCoin!
March 20, 2013
So I noticed these ads at slashdot.org: http://butterflylabs.com/landing/landing-ls.php These are high-speed crypto devices designed to mine BitCoins. They literally make money, fast. But if they are actually capable of mining BitCoins cost effectively, why is the company selling them? Wouldn’t it make more sense to simply run them and harvest the BitCoins themselves?
I did some back-of-the-envelope math and they don’t look that cost effective (unless the price of BitCoins rises, but of course then all bets are off and in theory an Arduino would be cost effective). So I can only conclude that while this is some potentially cool technology it is not cost effective. If I was going to try and make money with BitCoins, I would buy a ton of BitCoins, then sell them rapidly to crash the price (since the BitCoin market is still not terribly liquid) and then buy as the price bottoms out. Or I’d hack an exchange and steal a ton of BitCoins. Much like a casino, the only way to reliably make money with BitCoins is to cheat.
Also if you want to get into BitCoins (beyond cheating/speculating) I suggest you read about deflationary spirals: https://en.bitcoin.it/wiki/Deflationary_spiral
All in all, considering that BitCoins are wholly unregulated, that the exchanges keep getting compromised, and the long-term deflationary issues, I would imagine that most of us are better off investing in pretty much anything other than BitCoins.
New techniques in spam from the Harvard Business Review (HBR)
March 1, 2013
No, this isn’t about an article in the Harvard Business Review (HBR), this is actually about spam from the Harvard Business Review. A long time ago I signed up for a year since I got one of those “get the magazine for $19.95 a year” offers and figured why not. I then cancelled at the end since I didn’t find the magazine terribly interesting or forward looking (it seems to mostly reflect an entrenched view of business/law that, while useful for existing managers, is not terribly educational, unlike say the Economist, which I still read).
So what’s this new spam technique from the Harvard Business Review? Well they sent me an email, informing me that I had not completed an order at their online store and that my shopping cart still had items in it. This is a pretty clever social engineering technique, they’re prompting you and leading you to believe that you had meant to renew your Harvard Business Review subscription and obviously got distracted or something so you might want to finish the process and send them some money. Except I hadn’t been shopping on their web site (my subscription lapsed a few years ago).
So I went to unsubscribe (who knows, they might actually stop emailing me), but that part of the process was also engineered to make it difficult. First step: make the person enter their email address rather than pre-filling the form (and they know the email address, I mean they just spammed me):
But then the pièce de résistance:
Up to 10 days to remove you from a mailing list. What. The. Fuck? So yeah, the moral of the story is use the “spam” button in your mail client and deep six all the crap Harvard Business Review is going to try sending you.
Google Chrome and Kerberos on Linux
November 24, 2012
So we all know you can enable Kerberos by adding the “--auth-server-whitelist” option to the command line:
google-chrome --auth-server-whitelist="*.example.org"
But you can also make it permanent. Simply create a directory (on Linux) called /etc/opt/chrome/policies/managed/ and within it drop a JSON file such as example-corp.json with the following contents:
{
  "AuthServerWhitelist": "*.example.org",
  "AuthNegotiateDelegateWhitelist": "*.example.org"
}
And voilà, no need to fiddle with the command line options every time you start Chrome. Plus, as an administrator you can simply deploy that file automatically across all your workstations and not have to bother the users; things will just work.
Circuit and Logic Simulators
September 27, 2012
These look like fun:
- Andreas Tetzl’s Logic simulators: http://www.tetzl.de/java_logic_simulator.html
- Atanua: http://sol.gfxile.net/atanua/index.html
- Board Drawing: http://3d2f.com/programs/84-182-board-drawing-download.shtml
- Circuitlab: https://www.circuitlab.com/
- Circuit Maker: http://my.ece.ucsb.edu/bobsclass/2C/Simulation/circuit_maker.htm
- Circuit Simulator Applet: http://www.falstad.com/circuit/
- DesignWorksMac: http://www.capilano.com/dwm45.html
- Hades Simulation Framework: http://tams-www.informatik.uni-hamburg.de/applets/hades/webdemos/index.html
- Linear Technology: http://www.linear.com/designtools/software/
- Logic Friday: http://sontrak.com/index.html
- Logic Lab: http://www.neuroproductions.be/logic-lab/
- Logic.ly: http://logic.ly/
- Logisim: http://ozark.hendrix.edu/~burch/logisim/
- MMLogic: http://www.softronix.com/logic.html
I wonder if there are any good ones for the iPad.
How not to post log information, or why I shred every piece of paper I touch
July 4, 2012
So this thread just came to my attention: http://comments.gmane.org/gmane.mail.postfix.user/227441
Email 1
Feb 6 10:41:22 D1SNX682RL postfix/smtpd[3693]: connect from unknown[155.14.132.36]
Feb 6 10:41:23 D1SNX682RL postfix/smtpd[3693]: 20C453E00C0: client=unknown[155.14.132.36]
Feb 6 10:41:23 D1SNX682RL postfix/cleanup[10313]: 20C453E00C0: warning: header Subject: RE: RE: RE: RE: RE:// FOLLOW UP // HBL SCREENSHOT // FINAL SI & HBL // E.R FREMANTLE 087 // HIBLOW from unknown[155.14.132.36]; from=<MANILA_DOCS <at> APL.COM> to=<crm_email_archive_apl <at> apl.com> proto=ESMTP helo=<nol.com.sg>
Feb 6 10:41:23 D1SNX682RL postfix/cleanup[10313]: 20C453E00C0: message-id=<ADR37000000104995 <at> nol.com.sg>
Feb 6 10:44:27 D1SNX682RL postfix/smtpd[3693]: lost connection after DATA (437492 bytes) from unknown[155.14.132.36]
Feb 6 10:44:27 D1SNX682RL postfix/smtpd[3693]: disconnect from unknown[155.14.132.36]
Followed by:
please at least remove from this site, there is security audit going on in my organisation i don’t want to maintain this thread, please remove this.
Whoops. You may have noticed in my previous posting “Fedora 16 and Red Hat on EC2 with Sendmail using SMART_HOST with authentication” that I took the time to sanitize all the IPs and hostnames presented in the examples. It was a bit of a chore (running search and replace is simple, but reading the results three times to ensure nothing was missed is tedious), but it’s worth it. Would the information aid an attacker? A little bit. There are other ways to find this out as well (error messages from servers, etc.).
But the reason I do it is simple: if you ALWAYS sanitize information then you won’t run into a situation where you decided not to sanitize the information and later turned out to be wrong. This is exactly why I shred every single piece of paper I touch before throwing it out. Do I need to shred the envelopes my bills come in? They have no personal information/etc.; they could conceivably be used to determine which banks/companies I deal with, and how much I deal with them, but I’m not overly worried about that (anyone taking the time to go through all my trash can find this out other ways). No, the reason I shred everything, including envelopes, is so that I never have to worry about throwing away something sensitive. Also I don’t have to spend any time/effort deciding whether something needs shredding or not: it all automatically goes into a pile, and when I’m bored I feed the shredder (I actually find it oddly fun…).
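As an added example (not from the original post), here is the search-and-replace step done as a small Python tool, so the sanitizing is mechanical and consistent: IPs, e-mail addresses and any host or domain names you list are swapped for placeholders from the reserved documentation ranges, and the same real value always gets the same placeholder, which is exactly what reading the result three times is checking for. The Postfix lines below are constructed, in the shape of the ones from the thread, with made-up values.

```python
import re

IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")


class LogSanitizer:
    """Replace IPs, e-mail addresses and chosen host/domain names with stable placeholders.

    The same real value always maps to the same placeholder, so a reader can
    still follow one client across several lines, which a plain search and
    replace to a single dummy value throws away. Placeholders come from the
    RFC-reserved documentation ranges (192.0.2.0/24, example.org) so they can
    never point at a real host.
    """

    def __init__(self, names=()):
        # Longest first so "mail.corp.example" wins over a bare "corp.example".
        self.names = sorted(names, key=len, reverse=True)
        self.ip_map, self.email_map, self.host_map = {}, {}, {}

    @staticmethod
    def _placeholder(table, key, make):
        if key not in table:
            table[key] = make(len(table) + 1)
        return table[key]

    def _ip(self, match):
        ip = match.group(0)
        if ip.startswith("127."):  # loopback leaks nothing; keeping it keeps the log readable
            return ip
        return self._placeholder(self.ip_map, ip, lambda n: "192.0.2.%d" % n)

    def _email(self, match):
        return self._placeholder(self.email_map, match.group(0), lambda n: "user%d@example.org" % n)

    def _host(self, match):
        return self._placeholder(self.host_map, match.group(0), lambda n: "host%d.example.org" % n)

    def sanitize(self, text):
        # Addresses first, so the domain inside them disappears as one unit.
        text = EMAIL_RE.sub(self._email, text)
        if self.names:
            # Each listed name, plus any sub-host of it (mta.corp.example), in text order.
            alts = "|".join(re.escape(n) for n in self.names)
            text = re.sub(r"\b(?:[\w-]+\.)*(?:" + alts + r")\b", self._host, text)
        return IPV4_RE.sub(self._ip, text)


def sanitize_log(text, names=()):
    """One-shot helper: returns (sanitized_text, sanitizer) so the mapping can be reviewed."""
    s = LogSanitizer(names)
    return s.sanitize(text), s


# Constructed Postfix lines in the shape of the thread's, with made-up values.
SAMPLE_LOG = """\
Feb  6 10:41:22 mx1 postfix/smtpd[3693]: connect from unknown[203.0.113.7]
Feb  6 10:41:23 mx1 postfix/smtpd[3693]: 20C453E00C0: client=unknown[203.0.113.7]
Feb  6 10:41:23 mx1 postfix/cleanup[10313]: 20C453E00C0: warning: header Subject: RE: FOLLOW UP from unknown[203.0.113.7]; from=<docs@corp.example> to=<archive@corp.example> proto=ESMTP helo=<mta.corp.example>
Feb  6 10:44:27 mx1 postfix/smtpd[3693]: disconnect from unknown[203.0.113.7]
"""

if __name__ == "__main__":
    clean, s = sanitize_log(SAMPLE_LOG, names=["corp.example", "mx1"])
    print(clean)
    print("mapping, for your eyes only:", s.ip_map, s.email_map, s.host_map)
```

The mapping tables stay on your side; only the sanitized text is what you post.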
Making Fedora 17 + Gnome 3 work – you can’t, it’s completely broken
June 1, 2012
Update (June 6, 2012): Gnome 3 is actually a LOT more broken than I previously thought. I have since found more problems that basically make it near impossible to configure sanely, if at all.
So to put it bluntly, the Gnome 3 changes suck if you use more than one application at a time, and especially if you use more than one monitor as well. You have to constantly move the mouse over to the top left to show windows/applications before you can bring another window to the front or launch an application. I typically have 5-10 (sometimes 20) xterms open (most SSH’ed in to remote hosts), at least two web browsers (Firefox and Chrome, more if I have a lot of tabs open so I can actually read the titles on the tabs, a not uncommon occurrence), my mail client, and my IRC client at a bare minimum.
In other words the Fedora 17 + Gnome 3 defaults completely suck for me (and I suspect many others).
Step 1) getting my minimize and maximize buttons back:
You’ll need the UI tweak tool:
yum install gnome-tweak-tool
and then run it and go to “Shell” and then pick the “Arrangement of buttons on the titlebar” and select “All”:
which will put them on the right hand side à la Windows / Gnome 2.
Step 2) getting a taskbar
I like the taskbar, most of us have been using the taskbar since Win95, and in my case since OS/2 (yeah, that was an interesting dead end OS), and most versions of Linux copied it early on because, well, it works quite well.
yum install tint2
and then, to have it autostart, run the gnome-session-properties program:
gnome-session-properties
and add it in:
Step 3) A dock bar for launching programs
Being able to launch applications quickly is kind of useful. A dock bar with icons is about as good as it gets.
yum install gnome-shell-extension-dock.noarch
and then... I’m not sure. I logged out and back in and Gnome failed to load. Removing the dock extension appears to have addressed it. Sigh. The good news is that Fedora 16 will be supported for another 6 months.
Added June 6, 2012:
Step 4) Customizing icon launch properties
So I also need some of my icons to have customized command line options. Usually this is easy, you right click, and change the properties of the icon such as the “command” or “execute” line. For example if you want to launch the Google Chrome web browser with Kerberos 5 support you need something like:
google-chrome --auth-server-whitelist="*.example.com"
So doing this should be easy right, simply choose icon properties… hrmm.. that isn’t available. Just “New Window” and “Add to favorites”. Ok, maybe there is an application to do this, aha, “alacarte” which is “a graphical menu editor that lets you edit, add, and delete menu entries.” This should be perfect, just install it:
yum install alacarte
and run it. Nope, it’s broken: “ImportError: No module named gmenu”. Now Debian has a package called “python-gmenu”, which is “an implementation of the freedesktop menu specification for GNOME”, but there doesn’t appear to be such a package for Fedora.
Worse, the alacarte program has been broken since August of 2011: https://bugzilla.redhat.com/show_bug.cgi?id=734442 so I wouldn’t exactly hold my breath.
So if you want to customize an icon to include command line options you’ll need to copy the icon file data into your home directory and edit it by hand, this is best described at http://superuser.com/questions/304271/commandline-options-in-gnome-3-launchers and the short version is:
copy the file from /usr/share/applications/ to ~/.local/share/applications/ and modify the “Exec=” line.
Fedora 16 and Red Hat on EC2 with Sendmail using SMART_HOST with authentication
May 14, 2012
So I have a bunch of servers hosted on Amazon EC2 running Red Hat Linux / Fedora. Most of them are web front ends, so they need to be able to send email (alerts, status reports, etc.), but I don’t want to have to request that the email limit be increased on each server (as they come up and down a lot as demand requires).
So my obvious thought was to run an EC2 instance that would act as an email relay for all these servers. Easy enough: install a host with Sendmail and allow relaying. The trick here is that I don’t want to have to edit the access file every time a new host comes up or leaves, as the level of IP address churn is quite high. So we enable email authentication, pre-load EC2 images with the credentials to relay email through the server, and we’re done.
So, foolishly, I thought I’d skip plain SMTP and go straight to TLS encrypted SMTP (port 465), and require authentication. This way all the communications, email, authentication credentials and so on are well protected. I set up the Sendmail server and tested it using Thunderbird; TLS+auth worked perfectly. However on the Sendmail client server side it did not work well, in fact I was unable to get it working at all, so if anyone knows how I’d love to hear from you.
Setting up the Sendmail Server with encryption and authentication
You’ll need to install sendmail and sasl:
yum install sendmail-cf cyrus-sasl-plain cyrus-sasl-md5 cyrus-sasl-gssapi cyrus-sasl-lib cyrus-sasl-devel cyrus-sasl
and enable / start it:
systemctl enable saslauthd.service
systemctl enable sendmail.service
systemctl start saslauthd.service
systemctl start sendmail.service
Then you’ll need to edit /etc/mail/sendmail.mc, make sure these two lines are not commented out (they are by default):
TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
and then enable submission:
DAEMON_OPTIONS(`Port=submission, Name=MSA, M=Ea')dnl
Then you’ll need to enable encryption certificates:
define(`confCACERT_PATH', `/etc/pki/tls/certs')dnl
define(`confCACERT', `/etc/pki/tls/certs/CA_bundle.pem')dnl
define(`confSERVER_CERT', `/etc/pki/tls/certs/server.crt')dnl
define(`confSERVER_KEY', `/etc/pki/tls/private/server.key')dnl
and you’re basically done. Simply rebuild the sendmail configuration and restart it:
/etc/mail/make
systemctl restart sendmail.service
You’ll then need to ensure port 587 is not firewalled (either on the local system or in your EC2 security groups), and you’ll have to create local accounts with passwords so the clients can authenticate against them (e.g. create a user called “mail-relay” with a password and lock the account down).
You can easily test the server using an email client such as Thunderbird.
Setting up the Sendmail Client Server with encryption and authentication
First you’re going to need the sendmail and cyrus-sasl-plain RPMs installed. The really annoying part is that if you don’t install the cyrus-sasl-plain package, email connections will fail, but the log files are less than helpful when this occurs:
May 20 23:22:48 ip-10-242-49-173 sendmail[9890]: q4L3MmFP009890: client.example.org [10.1.2.3] (may be forged) did not issue MAIL/EXPN/VRFY/ETRN during connection to MSA
To install the rpms simply:
yum install sendmail-cf cyrus-sasl-plain
So now to set up the client. This is poorly documented and there is a ton of conflicting information. To start with, install the same sendmail and sasl packages as above. Then you’ll need a standard SMART_HOST entry line, but with the added options telling it to use port 587 (submission) and a link to the file with the authentication information:
define(`SMART_HOST', `smarthost.example.org')dnl
define(`RELAY_MAILER_ARGS', `TCP $h 587')
define(`ESMTP_MAILER_ARGS', `TCP $h 587')
FEATURE(`authinfo',`Hash -o /etc/mail/authinfo.db')dnl
You’ll also need to create an /etc/mail/authinfo file with contents such as:
AuthInfo:smarthost.example.org "U:user_name" "P:password_here" "M:PLAIN"
and build it using the makemap program:
makemap hash /etc/mail/authinfo < /etc/mail/authinfo
You can then restart sendmail and it should work. The log from the client sendmail server:
May 14 02:51:01 ip-10-10-10-10 sendmail[3188]: q4E6p1aq005188: from=ec2-user, size=297,, nrcpts=1, msgid=<201205140651.q4E6p1aq003188@ip-10-10-10-10.ec2.internal>, relay=root@localhost
May 14 02:51:01 ip-10-10-10-10 sendmail[3189]: q4E6p12W003189: from=<ec2-user@ip-10-10-10-10.ec2.internal>, size=577,, nrcpts=1, msgid=<201205140651.q4E6p1aq003188@ip-10-10-10-10.ec2.internal>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
May 14 02:51:01 ip-10-10-10-10 sendmail[3188]: q4E6p1aq003188: to=kurt@seifried.org, ctladdr=ec2-user (1000/1000), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30297, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (q4E6p12W003189 Message accepted for delivery)
May 14 02:51:01 ip-10-10-10-10 sendmail[3191]: STARTTLS=client, relay=smarthost.example.org., version=TLSv1/SSLv3, verify=FAIL, cipher=DHE-RSA-AES256-SHA, bits=256/256
May 14 02:51:02 ip-10-10-10-10 sendmail[3191]: q4E6p52W003189: to=<kurt@seifried.org>, ctladdr=<ec2-user@ip-10-10-10-10.ec2.internal> (1000/1000), delay=00:00:01, xdelay=00:00:01, mailer=relay, pri=120577, relay=smarthost.example.org. [1.2.3.4], dsn=2.0.0, stat=Sent (q4E6p1ZE001355 Message accepted for delivery)
And on the server:
May 14 02:49:48 ip-1-2-3-4 sendmail[1349]: STARTTLS=server, relay=ec2-1-2-3-4.compute-1.amazonaws.com [1.2.3.4] (may be forged), version=TLSv1/SSLv3, verify=NO, cipher=DHE-RSA-AES256-SHA, bits=256/256
May 14 02:49:48 ip-1-2-3-4 sendmail[1349]: AUTH=server, relay=ec2-1-2-3-4.compute-1.amazonaws.com [1.2.3.4] (may be forged), authid=email-client, mech=PLAIN, bits=0
May 14 02:49:48 ip-1-2-3-4 sendmail[1349]: q4E6nmgg001349: from=<ec2-user@ip-10-10-10-10.ec2.internal>, size=795,, nrcpts=1, msgid=<201205140649.q4E6nmdE003182@ip-10-10-10-10.ec2.internal>, proto=ESMTP, daemon=MSA, relay=ec2-1-2-3-4.compute-1.amazonaws.com [1.2.3.4] (may be forged)
May 14 02:49:49 ip-1-2-3-4 sendmail[1354]: STARTTLS=client, relay=aspmx.l.google.com., version=TLSv1/SSLv3, verify=FAIL, cipher=RC4-SHA, bits=128/128
May 14 02:49:49 ip-1-2-3-4 sendmail[1354]: q4E6nmgg001349: to=<kurt@seifried.org>, delay=00:00:01, xdelay=00:00:01, mailer=esmtp, pri=120795, relay=aspmx.l.google.com. [173.194.68.26], dsn=2.0.0, stat=Sent (OK 1336912345 gs11si19555555aaa.999)
As you can see the email comes in, and is then handed off to gmail.
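As an added example (my code, not part of the post), here is a small Python audit of the STARTTLS= and AUTH= lines sendmail writes, as a way to check the relay from its logs rather than trusting stat=Sent: it flags client-side handshakes whose verify= is anything other than OK, weak ciphers, and PLAIN/LOGIN authentication on a connection that never did STARTTLS. The sample is the STARTTLS/AUTH lines from the logs above plus one constructed AUTH line (pid 1402) with no handshake before it.

```python
import re

HEADER_RE = re.compile(r"sendmail\[(\d+)\]: (?P<rest>(?:STARTTLS|AUTH)=.*)$")
FIELD_RE = re.compile(r"(\w+)=([^,]*)")
WEAK_CIPHER_MARKERS = ("RC4", "DES", "EXP", "NULL", "MD5")
MIN_BITS = 128
CLEARTEXT_MECHS = ("PLAIN", "LOGIN")  # SASL mechanisms that send the password as-is


def parse_line(line):
    """Return (pid, fields) for a STARTTLS= or AUTH= line, None for any other line."""
    m = HEADER_RE.search(line)
    if not m:
        return None
    return m.group(1), dict(FIELD_RE.findall(m.group("rest")))


def audit_sendmail_log(text):
    """Return (pid, code, detail) findings for the handshake and auth lines in a log.

    unverified-relay  STARTTLS=client with verify other than OK: the session is
                      encrypted, but to a peer we never authenticated (the
                      verify=FAIL lines above are exactly this).
    weak-cipher       RC4/DES/export suites, or fewer than 128 bits.
    cleartext-auth    AUTH with PLAIN or LOGIN on a connection that never did
                      STARTTLS, i.e. the relay password crossed the wire in clear.
    A STARTTLS=server line with verify=NO is not a finding: it only says the
    client presented no certificate, which is expected with password auth.
    """
    findings, tls_pids = [], set()
    for line in text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        pid, f = parsed
        relay = f.get("relay", "?")
        if "STARTTLS" in f:
            tls_pids.add(pid)  # sendmail logs the handshake before AUTH on the same pid
            if f["STARTTLS"] == "client" and f.get("verify") != "OK":
                findings.append((pid, "unverified-relay", "%s: verify=%s" % (relay, f.get("verify"))))
            cipher = f.get("cipher", "")
            bits = int(f.get("bits", "0/0").split("/")[0])
            if bits < MIN_BITS or any(m in cipher.upper() for m in WEAK_CIPHER_MARKERS):
                findings.append((pid, "weak-cipher", "%s: %s (%d bits)" % (relay, cipher, bits)))
        elif f.get("mech") in CLEARTEXT_MECHS and pid not in tls_pids:
            findings.append((pid, "cleartext-auth",
                             "%s: mech=%s with no STARTTLS on this connection" % (relay, f["mech"])))
    return findings


# Four lines taken from the logs above, plus one constructed AUTH line (pid 1402)
# with no STARTTLS before it, to exercise the cleartext-auth check.
SAMPLE_LOG = """\
May 14 02:51:01 ip-10-10-10-10 sendmail[3191]: STARTTLS=client, relay=smarthost.example.org., version=TLSv1/SSLv3, verify=FAIL, cipher=DHE-RSA-AES256-SHA, bits=256/256
May 14 02:49:48 ip-1-2-3-4 sendmail[1349]: STARTTLS=server, relay=ec2-1-2-3-4.compute-1.amazonaws.com [1.2.3.4] (may be forged), version=TLSv1/SSLv3, verify=NO, cipher=DHE-RSA-AES256-SHA, bits=256/256
May 14 02:49:48 ip-1-2-3-4 sendmail[1349]: AUTH=server, relay=ec2-1-2-3-4.compute-1.amazonaws.com [1.2.3.4] (may be forged), authid=email-client, mech=PLAIN, bits=0
May 14 02:49:49 ip-1-2-3-4 sendmail[1354]: STARTTLS=client, relay=aspmx.l.google.com., version=TLSv1/SSLv3, verify=FAIL, cipher=RC4-SHA, bits=128/128
May 14 02:55:10 ip-1-2-3-4 sendmail[1402]: AUTH=server, relay=ec2-1-2-3-5.compute-1.amazonaws.com [1.2.3.5] (may be forged), authid=email-client, mech=PLAIN, bits=0
"""

if __name__ == "__main__":
    for pid, code, detail in audit_sendmail_log(SAMPLE_LOG):
        print("pid %s  %-17s %s" % (pid, code, detail))
```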
Creating temporary files securely
March 14, 2012
Creating temporary files is a common use case in virtually every program, and virtually every programming language has a simple and secure way to do it. Sadly many programmers fail to use it, creating security vulnerabilities in their applications. So, in alphabetical order, here is a list of programming languages and how to create a temporary file securely in each. If I’m wrong, please let me know. Note: when searching for a secure temporary file creation function/method/etc., looking for “mkstemp” is a quick way to find most of them. Please note that a lot of sites (e.g. http://rosettacode.org/wiki/Secure_temporary_file) contain old/wrong information.
O_CREAT and O_EXCL (and similar)
When opening a temporary file in C you MUST use O_CREAT and O_EXCL together to ensure that the file is only created if the file does not exist. Otherwise between the time you check for the existence of a file and the time you create the file an attacker may be able to create a file with the same name. The good news here is that virtually every secure temporary file creation function/library does this or an equivalent option. To quote mkstemp():
The mkstemp() function shall replace the contents of the string pointed to by template by a unique filename, and return a file descriptor for the file open for reading and writing. The function thus prevents any possible race condition between testing whether the file exists and opening it for use.
Why “unique” names are not enough, but are generally not a huge problem
People often think that creating a file with a “unique” name in /tmp (e.g. “/tmp/myprogram-output.log”) is sufficient to safely create a temporary file. However, if you create the file with a known or easily guessed name (e.g. a static name set in the source code or a config file), an attacker can create the file first, and then your application will be unable to, potentially creating a denial of service condition.
However the names don’t have to be terribly unique. For example, mkstemp() with 10 random characters (the default) gives on the order of 839,299,365,868,340,224 possible file names. Any attacker able to create enough files to force a name collision would be able to fill up the /tmp directory in any event (unless you have an absurdly large /tmp directory several exabytes in size, which won’t be a problem for some time).
Unexpected temporary files
It should also be noted that many programs create temporary files. Text editors and other file editors may create temporary file saves in /tmp or /var/tmp and so on.
The problem with $TMP, $TEMP, $TMPDIR, $TEMPDIR and so on
One note: if you’re going to use environment variables you’d better make sure you sanitize them and ensure they aren’t overly long. User controlled environment variables are just that: user controlled. I can’t find a good set of libraries or code to sanitize these variables before use; if anyone knows of such a thing please contact me (kurt@seifried.org).
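As an added example (not from the original post), the points above in Python: the 62^10 name count, an O_CREAT|O_EXCL creation loop that is mkstemp() spelled out, and the $TMPDIR/$TEMP/$TMP vetting the post says it could not find. The length limit and the sticky-bit rule are my choices, not anything the post specifies.

```python
import os
import secrets
import stat
import string
import tempfile

ALPHABET = string.ascii_letters + string.digits  # 62 symbols, as in the count above
MAX_TMPDIR_LEN = 1024  # assumption: generous, yet well under Linux PATH_MAX (4096)


def name_space(random_chars=10, alphabet=ALPHABET):
    """Number of names a random suffix of that length can take (62**10 for the default)."""
    return len(alphabet) ** random_chars


def tmpdir_is_acceptable(path):
    """Vet a user-supplied temp directory before trusting it.

    Rejects relative or over-long values, control characters, anything that is
    not a directory, and directories anyone can write to unless the sticky bit
    is set (without it any user could delete or rename the file we create).
    """
    if not os.path.isabs(path) or len(path) > MAX_TMPDIR_LEN:
        return False
    if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in path):
        return False
    try:
        st = os.stat(path)
    except OSError:
        return False
    if not stat.S_ISDIR(st.st_mode):
        return False
    if st.st_mode & stat.S_IWOTH and not st.st_mode & stat.S_ISVTX:
        return False
    return True


def safe_tmpdir(env=None, fallback="/tmp"):
    """First acceptable value of TMPDIR, TEMP, TMP (the order tempfile.gettempdir() uses)."""
    env = os.environ if env is None else env
    for var in ("TMPDIR", "TEMP", "TMP"):
        value = env.get(var)
        if value and tmpdir_is_acceptable(value):
            return value
    return fallback


def create_exclusive(directory, prefix="tmp-", random_chars=10, attempts=100):
    """Create a file that did not exist before, with no check-then-create window.

    O_CREAT|O_EXCL makes the kernel refuse if the name already exists (a planted
    symlink counts), so the existence test and the creation are one atomic
    call; on a collision we just draw another random name. This is what
    mkstemp() does, spelled out. Mode 0600 keeps other users out of the file.
    """
    flags = os.O_RDWR | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    for _ in range(attempts):
        suffix = "".join(secrets.choice(ALPHABET) for _ in range(random_chars))
        path = os.path.join(directory, prefix + suffix)
        try:
            return os.open(path, flags, 0o600), path
        except FileExistsError:
            continue
    raise FileExistsError("no unused name in %s after %d tries" % (directory, attempts))


def scratch_file(prefix="myprogram-"):
    """The everyday version: let the standard library do the above for us."""
    return tempfile.mkstemp(prefix=prefix, dir=safe_tmpdir())


def demo(directory=None):
    """Create, inspect and remove one scratch file; returns what a caller would check."""
    fd, path = create_exclusive(directory or safe_tmpdir())
    try:
        os.write(fd, b"scratch data\n")
        mode = stat.S_IMODE(os.fstat(fd).st_mode)
    finally:
        os.close(fd)
        os.unlink(path)
    return {"dir": os.path.dirname(path), "mode": mode, "exists_after": os.path.exists(path)}


if __name__ == "__main__":
    print("names with 10 random characters: {:,}".format(name_space()))
    print(demo())
```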
Bash
Simply use “mktemp” (“man mktemp” for details). Use “-d” or “--directory” for creating directories.
C
use mkstemp() (“man mkstemp” for details) for files
use mkdtemp() (“man mkdtemp” for details) for directories
tmpfile() is another option - Creates a temporary binary file, open for update (wb+ mode — see fopen for details). The filename is guaranteed to be different from any other existing file.
C++
use mkstemp() (“man mkstemp” for details)
use mkdtemp() (“man mkdtemp” for details) for directories
tmpfile() is another option - Creates a temporary binary file, open for update (wb+ mode — see fopen for details). The filename is guaranteed to be different from any other existing file.
On Windows use GetTempPath() and GetTempFileName() (same names in C#).
C#
Path.GetTempFileName() http://msdn.microsoft.com/en-us/library/system.io.path.gettempfilename(v=vs.80).aspx
Cocoa
http://stackoverflow.com/questions/215820/how-do-i-create-a-temporary-file-with-cocoa
Java
use java.io.File.createTempFile() – some interesting info at http://www.veracode.com/blog/2009/01/how-boring-flaws-become-interesting/
for directories there is a helpful posting at http://stackoverflow.com/questions/617414/create-a-temporary-directory-in-java
Java 7
for files use java.io.File.createTempFile()
for directories use createTempDirectory()
http://docs.oracle.com/javase/7/docs/api/java/nio/file/Files.html
Lisp
nodejs
http://stackoverflow.com/questions/7055061/nodejs-temporary-file-name
Perl
use mkstemp()
http://perldoc.perl.org/File/Temp.html#MKTEMP-FUNCTIONS
Python
Simply use “mkstemp” for files and “mkdtemp” for directories from the “tempfile” module:
http://docs.python.org/library/tempfile.html#tempfile.mkstemp
QT
use QTemporaryFile for files:
http://qt-project.org/doc/qt-4.8/qtemporaryfile.html
use QTemporaryDir for directories:
http://qt-project.org/doc/qt-5.0/qtemporarydir.html
Ruby
use Tempfile for files:
http://www.ruby-doc.org/stdlib-1.9.3/libdoc/tempfile/rdoc/Tempfile.html#method-c-new
use tmpdir for directories (require ‘tmpdir’ and then you can call “Dir.mktmpdir”):
http://www.ruby-doc.org/stdlib-1.9.3/libdoc/tmpdir/rdoc/index.html
Making per user /tmp directories
Using PAM you can also make per-user /tmp directories using polyinstantiation: http://www.ibm.com/developerworks/linux/library/l-polyinstantiation/
If you have a system with many users (e.g. a shell server or web host) this is a great way to avoid the whole /tmp mess at the system level rather than trying to ensure your applications are properly written.
Monitoring /tmp for activity
So how can we be sure our changes work and that temporary directories and files are being created safely? Conversely, how can we monitor /tmp to watch for programs that use /tmp improperly or in unsafe ways? Linux has an inotify subsystem that allows you to monitor one or more files or directories (including recursively) for file and directory related activity (creation, deletion, modification, etc.). The downside of inotify is that, as far as I can tell, there is no way to list which process was responsible (so if you have a large application, or multiple applications running, it may be difficult to track down which one specifically created the file, etc.).
To use inotify, use either the “inotify-tools” or “pyinotify” programs. I prefer pyinotify, the output is really easy to read:
# /usr/bin/pyinotify /tmp/
<Event dir=True mask=0x40000100 maskname=IN_CREATE|IN_ISDIR \
name=foo.ooCHP2tb1adt path=/tmp pathname=/tmp/foo.ooCHP2tb1adt wd=1 >
You can also use SELinux: running in permissive mode, simply disable all access to /tmp and then run your application(s). The log files will show any accesses of /tmp, including the process information.