Monday, April 26, 2010

Get rid of tempfile vulnerabilities with pam_tmpdir

libpam-tmpdir is a good package to install:
apt-get install libpam-tmpdir
Next, add the following to /etc/pam.d/common-session:
# Sets $TMPDIR and $TMP for PAM sessions and sets the
# permissions quite tight. This helps system security
# by having an extra layer of security, making
# symlink attacks and other /tmp based attacks harder
# or impossible.
session    optional    pam_tmpdir.so
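
To confirm the module took effect, a check can be run from a fresh login session. The script below is an added example, not part of the original post or of libpam-tmpdir; the function names are hypothetical. It assumes only what the comment above states: $TMPDIR and $TMP are set and point at a directory with tight permissions.

```shell
#!/bin/sh
# Added example: verify that the session temp directory is private.
# Function names are hypothetical, not part of libpam-tmpdir.

# check_private_tmpdir DIR: return 0 only if DIR is a real directory
# (not a symlink), owned by the calling user, with no group/other bits.
check_private_tmpdir() {
    dir=$1
    if [ -z "$dir" ]; then
        echo "FAIL: variable is unset or empty" >&2; return 1
    fi
    if [ -L "$dir" ]; then
        echo "FAIL: $dir is a symlink" >&2; return 2
    fi
    if [ ! -d "$dir" ]; then
        echo "FAIL: $dir is not a directory" >&2; return 3
    fi
    # ls -ldn prints "mode links uid gid ..."; keep mode and numeric uid.
    set -- $(ls -ldn -- "$dir" | awk '{print $1, $3}')
    mode=$1 owner=$2
    if [ "$owner" != "$(id -u)" ]; then
        echo "FAIL: $dir is owned by uid $owner" >&2; return 4
    fi
    case $mode in
        d???-----[-T]*) ;;   # nothing granted to group or other
        *) echo "FAIL: $dir mode $mode is open to group/other" >&2
           return 5 ;;
    esac
    echo "OK: $dir ($mode, uid $owner)"
}

# Both variables the PAM module is documented to set must pass.
check_session_tmp() {
    check_private_tmpdir "${TMPDIR:-}" && check_private_tmpdir "${TMP:-}"
}

check_session_tmp || echo "session temp directory is not private" >&2
```

A shared /tmp (mode 1777, owned by root) fails the ownership or mode check, so a session that did not pick up the PAM change is reported rather than silently accepted.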

