[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Insecure admin scripts with /tmp temp files

Philip Hands <phil@hands.com> wrote:
>How about standardising on something like a directory in /tmp
>  [root] palm:~# ls -ld /tmp/root
>  drw-------   2 root     root         1024 Jul 31 11:14 /tmp/root
>This could be extended to other users, with a program to safely create the 
>directory if it does not already exist.  This still allows the /tmp area to be 
>cleared out at bootup, and so gets rid of leftover files.

I think this is a good idea. I've been thinking of similar things myself...
Such a directory is much easier to implement than to try fixing all programs
that root could conceivably use "naïvely".

Perhaps we should also set TMPDIR to point to that directory, if it exists
-- at least for root, possibly for all users. Another possibility is to
create $HOME/tmp for all users, but automatic cleanup and partitioning
don't work well with that scheme...

Perhaps /tmp/users/username would be a better choice than /tmp/username, to
avoid excessive cluttering of /tmp.

I guess this is a policy question, so followup to debian-policy, please...

-=- Rjs -=- rjs@spider.compart.fi, rjs@lloke.dna.fi

TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-request@lists.debian.org . 
Trouble?  e-mail to templin@bucknell.edu .

Reply to: