[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: per-user temp directories by default?

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Am Fr den  4. Nov 2005 um  5:16 schrieb Noah Meyerhans:
> Within the security team, there has recently been some talk of pushing
> for per-user temp directories by default in etch.  I'd like to see what

That whould be no good idea for security environment where you do
special think to secure /tmp (make it in memory and encrypt swap). With
tempdir in users home all applications like for example gpg write
temporary files to this location which ends up unencrypted on a disk or,
more bad over an unsecure NFS share to the fileserver.

Please don't do this by default as it break the security of many, many
systems!

Regards
   Klaus Ethgen
- -- 
Klaus Ethgen                            http://www.ethgen.de/
pub  2048R/D1A4EDE5 2000-02-26 Klaus Ethgen <Klaus@Ethgen.de>
Fingerprint: D7 67 71 C4 99 A6 D4 FE  EA 40 30 57 3C 88 26 2B
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iQEVAwUBQ2tNcJ+OKpjRpO3lAQIDjQf5AWUOrviF019g2c1YntGlqAJS/TzRpwhi
KhHQK/PWuRwl/NmrALidtHe2YUhyisKa58wQ/kPRqTvf9aKrIlAMRFZFK4zYENO9
1441k2AuGmjkcoxMAptLYdc/rRujDJkxeVWwxmkmTj1nzzLVriCgLJgVoJZVzC+O
FXbWa5e7JyWASvYDQqkH2aut0RZwn9g43So8Y+SQOFCRC/qSXFkRIapsOe+PeXGc
9UtMw6BFQ8NrGyAsTaQBl6/AmcSEkOiY8BaJKrBoHfDrhjz6lftBvOoDOfGIYjbB
8cAasv+2eHUiv2FgHkK2imreo5TgjGx2MoFLHu51wwjNg2qtfC7Lvg==
=eXIw
-----END PGP SIGNATURE-----
Reply to: