Re: per-user temp directories by default?


On Thu, Nov 03, 2005 at 11:16:43PM -0500, Noah Meyerhans wrote:
> Within the security team, there has recently been some talk of pushing
> for per-user temp directories by default in etch.  I'd like to see what
> people's reaction to such a proposal would be.

granted that i don't know the specifics of this module, but from
my perspective i think it would be reasonable to include this in the
default setup.

> There are a number of outstanding "insecure tempfile vulnerabilities",
> and there has been some talk that they're both too numerous and of low
> enough impact that they're not even worth releasing DSAs for.  Nevertheless,
> they are potentially dangerous and should be dealt with on some
> level.  We believe that using libpam_tmpdir by default should make
> nearly all of these vulnerabilities cease to be relevant (there are some

well, cease to be relevant for releases after etch, maybe... but you
still have the lifespan of woody + sarge + etch during which they
would still be relevant.  so this isn't exactly an immediate benefit :)



