Re: proposal: per-user temporary directories on by default?
- To: Tollef Fog Heen <tfheen@hardware.no>
- Cc: debian-devel@lists.debian.org
- Subject: Re: proposal: per-user temporary directories on by default?
- From: Kevin Kreamer <kkreamer@etherhogz.org>
- Date: Sat, 02 Aug 2003 20:57:20 -0500
- Message-id: <m1vftfec5b.fsf@seanchan.etherhogz.invalid>
- In-reply-to: <871xwbgyp8.fsf@yiwaz.raw.no> (Tollef Fog Heen's message of "Mon, 28 Jul 2003 04:41:23 +0200")
- References: <20030723211409.GA31197@dragon.kitenet.net> <pan.2003.07.24.05.13.40.106296@sourcefrog.net> <20030724161129.GA12355@dragon.kitenet.net> <20030724195005.GB7501@molehole.dyndns.org> <20030724225650.GA27904@rivest.dlitz.net> <20030725134417.GB10407@molehole.dyndns.org> <20030726120943.GA28230@lina.inka.de> <E19gOXY-0000T2-ST@mid.downhill.at.eu.org> <20030727081339.GA130212@morwong.ucc.gu.uwa.edu.au> <871xwbgyp8.fsf@yiwaz.raw.no>

Tollef Fog Heen <tfheen@hardware.no> writes:

> ATM, TMPDIR is defined using #define in libpam-tmpdir's source.
> Patches for having that as a run-time configuration are accepted.

I recently posted to debian-devel a patch to do this (not sure
whether you saw it or not). However, at the time, I didn't realise
that /sbin/pam-tmpdir-helper was a setuid root program. Purely my
fault; I didn't check. Anyway, that patch opens up a security hole[1],
so please don't apply it.

Thanks,
Kevin

[1] My solution as to how to get the path from libpam-tmpdir to
pam-tmpdir-helper was to pass it on the command line. But, since
anyone can run pam-tmpdir-helper, anyone can create any tmpdir they
like anywhere on the system. Very bad.