PVM package on debian
So I was looking at the PVM package on debian, it's pretty old. The
patch:
http://ftp.debian.org/debian/pool/main/p/pvm/pvm_3.4.2-8.1.diff.gz
applies relatively cleanly to 3.4.4. There is somethings that need
cleaned up, but it looks pretty good.
However there was some security fixes related to the PVM temp files,
like:
#ifdef SHAREDTMP
+#ifndef SAFETMP
#define TDSOCKNAME "/tmp/pvmd.%d.%s"
+#else /* SAFETMP */
+#define TDSOCKNAME PVMTMPDIR "/sock.%s"
+#endif /* SAFETMP */
#else
+#ifndef SAFETMP
#define TDSOCKNAME "/tmp/pvmd.%d"
+#else /* SAFETMP */
+#define TDSOCKNAME PVMTMPDIR "/sock"
+#endif /* SAFETMP */
#endif
It is this entirely necessary? And does this /sock directory allowed in
the Debian Policy? I couldn't exactly tell how this was going to be
implemented to be any safer than /tmp since it generates a tmp file for
each person. Aren't you pretty much safe from /tmp races if you make
/tmp it's own filesystem?
--
Dale Harris
rodmur@maybe.org
/.-)
Reply to: