SELinux Cookbook by Sven Vermeulen

Enabling polyinstantiated directories

On Linux and Unix systems, the /tmp/ and /var/tmp/ directories are world writable. They provide a common location for temporary files and are protected by the sticky bit, which stops users from removing or renaming entries they do not own, even though anyone can create files in the directory.

The sticky bit only restricts deletion and renaming, though, and /tmp/ and /var/tmp/ have a long history of attacks: symbolic-link race conditions (an attacker pre-creates a predictable filename as a symlink so that a privileged process follows it when it writes), and information leakage through world- or group-readable files, temporary or otherwise, that applications drop there.

Polyinstantiated directories provide a neat solution to this problem: users get their own, private /tmp/ and /var/tmp/ instance. These directory instances are created upon login ...
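The following script is an added example and not code from the SELinux Cookbook; it shows the pieces that make the per-user /tmp and /var/tmp instances described above appear at login: a /etc/security/namespace.conf with the two polydirs, the instance parent directories (mode 000 so nobody can browse the other instances), the pam_namespace session line in the login PAM stack, and the SELinux side (labelling the parents like /tmp and switching on the polyinstantiation_enabled boolean). The "level" instantiation method, the root,adm exemption list, the choice of /etc/pam.d/login as the PAM service and the POLY_ROOT staging variable are assumptions made for this example; adjust them to the services your users log in through.

```shell
#!/bin/sh
# Added example (not from the book): enable polyinstantiated /tmp and /var/tmp.
# POLY_ROOT is an assumed staging parameter: POLY_ROOT=/ edits the live system
# (requires root); any other path writes the same files into a scratch tree so
# the result can be inspected first.
set -eu

# Write the polydir definitions. Columns: polydir, instance prefix, method,
# comma-separated users that keep seeing the shared directory (assumed: root,adm).
write_namespace_conf() {
    root=$1
    mkdir -p "$root/etc/security"
    cat > "$root/etc/security/namespace.conf" <<'EOF'
# polydir    instance_prefix      method  ignored_users
/tmp         /tmp-inst/           level   root,adm
/var/tmp     /var/tmp/tmp-inst/   level   root,adm
EOF
}

# The instance parents must exist and be mode 000 so users cannot list or
# enter each other's instances; pam_namespace creates the per-level
# subdirectories underneath at login.
create_instance_parents() {
    root=$1
    for d in tmp-inst var/tmp/tmp-inst; do
        mkdir -p "$root/$d"
        chmod 000 "$root/$d"
    done
}

# Add pam_namespace to the session stack of the login service (assumed: login).
# Idempotent: the line is only appended when it is not already present.
enable_pam_namespace() {
    root=$1
    pamfile=$root/etc/pam.d/login
    mkdir -p "$(dirname "$pamfile")"
    touch "$pamfile"
    grep -q 'pam_namespace.so' "$pamfile" || \
        printf 'session\trequired\tpam_namespace.so\n' >> "$pamfile"
}

# SELinux part, only meaningful on the live system: give the instance parents
# the same label as /tmp and let the policy allow the instantiation.
apply_selinux_settings() {
    root=$1
    [ -z "$root" ] || return 0
    chcon --reference=/tmp /tmp-inst /var/tmp/tmp-inst
    setsebool -P polyinstantiation_enabled on
}

configure_polyinstantiation() {
    root=${1:-/}
    root=${root%/}   # "/" becomes "" so paths below stay clean
    write_namespace_conf "$root"
    create_instance_parents "$root"
    enable_pam_namespace "$root"
    apply_selinux_settings "$root"
}

if [ -n "${POLY_ROOT:-}" ]; then
    configure_polyinstantiation "$POLY_ROOT"
fi
```

Run it first with POLY_ROOT=/tmp/stage and review the generated namespace.conf and PAM file, then with POLY_ROOT=/ as root. After the next login, `cat /proc/self/mountinfo | grep tmp` from a user session should show the instance bind-mounted over /tmp, while root (listed in the ignore column) still sees the shared directory.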
