On Sun, May 23, 2010 at 07:14:21PM +0200, Klistvud wrote:
> Dne, 23. 05. 2010 17:00:09 je Rob Owens napisal(a):
>
>> If /tmp is its own partition, you might consider using ext2 for speed.
>> You could also consider RAID 0, if you have multiple drives.
>
> A good suggestion, thanx. What about ext4, is it slower or faster than
> ext2?
>
I'm not sure. ext2 has no journal, so I'd assume it's faster, but I
really don't know.
-Rob
--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: http://lists.debian.org/20100523181159.GB5025@aurora.owens.net
05-23-2010, 10:46 PM
Tom Furie
Moving /tmp to a separate partition. Advice?
On Sun, May 23, 2010 at 10:38:48AM -0400, Andrew Reid wrote:
> Setting the *directory* noexec seems very bad, since the exec bit
> on directories controls the ability to cd to it, and turning that
> off would make it largely useless.
Just for the sake of argument *why* is setting /tmp rw- a bad thing?
Surely if you put a file there, you know the full pathname, why would
you need to list or search /tmp?
Cheers,
Tom
--
There is one way to find out if a man is honest -- ask him. If he says
"Yes" you know he is crooked.
-- Groucho Marx
05-23-2010, 11:30 PM
Andrew Reid
Moving /tmp to a separate partition. Advice?
On Sunday 23 May 2010 18:46:29 Tom Furie wrote:
> On Sun, May 23, 2010 at 10:38:48AM -0400, Andrew Reid wrote:
> > Setting the *directory* noexec seems very bad, since the exec bit
> > on directories controls the ability to cd to it, and turning that
> > off would make it largely useless.
>
> Just for the sake of argument *why* is setting /tmp rw- a bad thing?
> Surely if you put a file there, you know the full pathname, why would
> you need to list or search /tmp?
Well, I don't actually know for sure that it's bad, but it seems
to invite broken-ness.
Recursive Makefiles are notorious for cd-ing all over the place,
but then again, that's usually in the source tree, which may or
may not be in /tmp, depending where you unpacked it.
As a theoretical example, I can easily imagine an installer that
might unpack a set of example configurations into /tmp, and then do
an "ls" to grep out the one that matches the local output of "uname -m"
to select it for further architecture-specific processing. I can easily
imagine myself writing such a thing.
So, I confess "making it largely useless" was hyperbolic, but I still
think it's a bad idea.
-- A.
--
Andrew Reid / reidac@bellatlantic.net
05-24-2010, 04:12 AM
Alexey Salmin
Moving /tmp to a separate partition. Advice?
On Mon, May 24, 2010 at 6:30 AM, Andrew Reid <reidac@bellatlantic.net> wrote:
> On Sunday 23 May 2010 18:46:29 Tom Furie wrote:
>> On Sun, May 23, 2010 at 10:38:48AM -0400, Andrew Reid wrote:
>> > Setting the *directory* noexec seems very bad, since the exec bit
>> > on directories controls the ability to cd to it, and turning that
>> > off would make it largely useless.
>>
>> Just for the sake of argument *why* is setting /tmp rw- a bad thing?
>> Surely if you put a file there, you know the full pathname, why would
>> you need to list or search /tmp?
>
> Well, I don't actually know for sure that it's bad, but it seems
> to invite broken-ness.
>
> Recursive Makefiles are notorious for cd-ing all over the place,
> but then again, that's usually in the source tree, which may or
> may not be in /tmp, depending where you unpacked it.
>
> As a theoretical example, I can easily imagine an installer that
> might unpack a set of example configurations into /tmp, and then do
> an "ls" to grep out the one that matches the local output of "uname -m"
> to select it for further architecture-specific processing. I can easily
> imagine myself writing such a thing.
>
> So, I confess "making it largely useless" was hyperbolic, but I still
> think it's a bad idea.
Hmm. You're talking about why setting -wx on a /tmp is a bad thing: it
will work but it may break some software trying to do ls /tmp, that's
true.
But Tom was asking why it's bad to set rw- which is much much worse
because you need the x bit on a dir not just to cd but to access its
contents in any way.
Example:
salmin@salmin:~$ mkdir dir
salmin@salmin:~$ ls -ld dir
drwxr-xr-x 2 salmin salmin 4096 May 24 11:01 dir
salmin@salmin:~$ echo 123 > dir/a
salmin@salmin:~$ cat dir/a
123
salmin@salmin:~$ chmod 111 dir
salmin@salmin:~$ ls -ld dir
d--x--x--x 2 salmin salmin 4096 May 24 11:01 dir
salmin@salmin:~$ ls -l dir
ls: cannot open directory dir: Permission denied
salmin@salmin:~$ cat dir/a
123
x is set, r is not: can access dir/a but can't read dir contents
salmin@salmin:~$ chmod 444 dir
salmin@salmin:~$ ls -ld dir
dr--r--r-- 2 salmin salmin 4096 May 24 11:01 dir
salmin@salmin:~$ ls -l dir
ls: cannot access dir/a: Permission denied
total 0
-????????? ? ? ? ? ? a
salmin@salmin:~$ cat dir/a
cat: dir/a: Permission denied
r is set, x is not: can read dir contents but can not access dir/a.
That's why we can possibly set -wx on /tmp but setting rw- on any dir
will make it completely unusable.
Alexey
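Added example (not part of Alexey's post or of the original thread): a Python script that goes beyond the two modes in the transcript above and probes every rwx combination on a scratch directory, showing which bit each operation depends on. The names probe, BYPASS and the result keys are made up for this illustration.

```python
import os
import shutil
import stat
import tempfile

# Root (CAP_DAC_OVERRIDE) bypasses directory permission checks, so the
# results are only meaningful when run as an unprivileged user.
BYPASS = os.geteuid() == 0


def _ok(action):
    """Run action() and report whether the kernel allowed it."""
    try:
        action()
        return True
    except PermissionError:
        return False


def probe(mode):
    """Create a scratch directory holding one file (constructed sample
    data), chmod the directory to `mode`, and try three operations."""
    top = tempfile.mkdtemp(prefix="dirbits-")
    d = os.path.join(top, "dir")
    os.mkdir(d)
    with open(os.path.join(d, "a"), "w") as f:
        f.write("123\n")
    os.chmod(d, mode)
    try:
        return {
            # reading the name list (readdir): needs r only
            "list": _ok(lambda: os.listdir(d)),
            # opening a file whose name is already known: needs x only
            "open": _ok(lambda: open(os.path.join(d, "a")).close()),
            # adding a new directory entry: needs w and x together
            "create": _ok(lambda: open(os.path.join(d, "b"), "w").close()),
        }
    finally:
        os.chmod(d, 0o700)  # restore so cleanup can traverse it
        shutil.rmtree(top)


if __name__ == "__main__":
    for bits in range(8):
        mode = bits << 6  # owner rwx bits only
        print(stat.filemode(stat.S_IFDIR | mode)[:4], probe(mode))
```

Run as a normal user, the rw- row shows the directory can be listed but nothing in it can be opened or created, while the -wx row allows both open and create without listing.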
05-24-2010, 09:30 AM
Tom Furie
Moving /tmp to a separate partition. Advice?
On Mon, May 24, 2010 at 11:12:18AM +0700, Alexey Salmin wrote:
> On Mon, May 24, 2010 at 6:30 AM, Andrew Reid <reidac@bellatlantic.net> wrote:
> > On Sunday 23 May 2010 18:46:29 Tom Furie wrote:
> >> Just for the sake of argument *why* is setting /tmp rw- a bad thing?
> >> Surely if you put a file there, you know the full pathname, why would
> >> you need to list or search /tmp?
> >
> > Well, I don't actually know for sure that it's bad, but it seems
> > to invite broken-ness.
>
> Hmm. You're talking about why setting -wx on a /tmp is a bad thing: it
> will work but it may break some software trying to do ls /tmp, that's
> true.
> But Tom was asking why it's bad to set rw- which is much much worse
> because you need the x bit on a dir not just to cd but to access its
> contents in any way.
Oops, -wx is what I was thinking of when I both read and replied to
Andrew's post.
Cheers,
Tom
--
I think you didn't get a reply because you used the terms "correct" and
"proper", neither of which has much meaning in Perl culture. :-)
-- Larry Wall in <199706251602.JAA01786@wall.org>
05-24-2010, 06:35 PM
thib
Moving /tmp to a separate partition. Advice?
Rob Owens wrote:
> I'm not sure. ext2 has no journal, so I'd assume it's faster, but I
> really don't know.
ext4 can be configured not to use a journal nor barriers. There's really no
point in using ext2 these days, I think.
-thib