[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Debian packages relying on TMPDIR

>>>>> "Shane" == Shane Wegner <shane@debian.org> writes:

    Shane> Hi all, I'm not sure if this has previously been discussed
    Shane> on debian-devel but I haven't found anything.  I have
    Shane> encountered some packages which when started as root and
    Shane> drop privileges rely on the TMPDIR environment
    Shane> variable. That is $TMPDIR must be writable.  This is a
    Shane> problem here as I'm sure it is on other systems.  I have my
    Shane> $TMPDIR set to /root/.tmp for security and that directory
    Shane> is mode 0700. If I upgraded MySQL for example and dpkg
    Shane> restarts it, it inharits my secure TMPDIR but MySQL drops
    Shane> root privilege and cannot write to it.

    Shane> I am wondering if it is my responsibility as a user to
    Shane> clear TMPDIR on a dist-upgrade, the init.d script to clear
    Shane> it or the upstream program to check to see if it's writable
    Shane> and use /tmp if not.

Just my two initial thoughts on the matter (I haven't actually got an
opinion on these as yet):

1. should daemons really use the TMPDIR value, or should this be for
non-daemon type programs?

2. If yes, then perhaps /etc/init.d/file should reset TMPDIR=/tmp when
starting the daemon?

3. Or perhaps /etc/somedir/somefile could contain a small shell script
which sets the default policy for all environment variables for all
Brian May <bam@debian.org>

Reply to: