Re: Insecure admin scripts with /tmp temp files
Philip Hands <firstname.lastname@example.org> wrote:
>How about standardising on something like a directory in /tmp
> [root] palm:~# ls -ld /tmp/root
> drw------- 2 root root 1024 Jul 31 11:14 /tmp/root
>This could be extended to other users, with a program to safely create the
>directory if it does not already exist. This still allows the /tmp area to be
>cleared out at bootup, and so gets rid of leftover files.
I think this is a good idea. I've been thinking of similar things myself...
Such a directory is much easier to implement than to try fixing all programs
that root could conceivably use "naïvely".
Perhaps we should also set TMPDIR to point to that directory, if it exists
-- at least for root, possibly for all users. Another possibility is to
create $HOME/tmp for all users, but automatic cleanup and partitioning
don't work well with that scheme...
Perhaps /tmp/users/username would be a better choice than /tmp/username, to
avoid excessive cluttering of /tmp.
I guess this is a policy question, so followup to debian-policy, please...
-=- Rjs -=- email@example.com, firstname.lastname@example.org
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
Trouble? e-mail to email@example.com .