Re: Uploaded tmpreaper 1.4.8 (source i386) to master
I'm the previous maintainer and part author of `tmpreaper'. (which
descends from Eric Troan's (Red Hat) `tmpwatch' program.)
I am by no means a "security expert", nor a "professional system
administrator"; I am a "beginner programmer wannabee".
I made a statement to the effect that I didn't think you really need
`tmpreaper' on a box that nobody else uses, or where you trust all of
the users, since it seems unlikely to me that anyone would exploit
the race that `tmpreaper' is meant to protect us from.
It occurs to me now that perhaps a trojan horse could set it up... on
a box where the attacker knows that tmp is cleaned by a find command.
I clean tmp by hand on my workstation; that's why I gave `tmpreaper'
away. I'm not using it, and don't admin any machines where it might
be used. (... and I've been spending my time at other things.)
When I debianized it, I used `debmake'. It chose the `optional' or
`extra' for me. I never thought about it really.