Re: per-user temp directories by default?
pe, 2005-11-04 kello 13:00 +0100, Klaus Ethgen kirjoitti:
> Am Fr den 4. Nov 2005 um 5:16 schrieb Noah Meyerhans:
> > Within the security team, there has recently been some talk of pushing
> > for per-user temp directories by default in etch. I'd like to see what
>
> That whould be no good idea for security environment where you do
> special think to secure /tmp (make it in memory and encrypt swap). With
> tempdir in users home all applications like for example gpg write
> temporary files to this location which ends up unencrypted on a disk or,
> more bad over an unsecure NFS share to the fileserver.
>
> Please don't do this by default as it break the security of many, many
> systems!
I don't think the suggestion was to make TMP=~/tmp, but TMP=/tmp/$USER,
where /tmp/$USER is owned by the user in question and is inaccessible to
others. Or perhaps I read too much into the proposal?
--
Communication via acronyms is rfs.
Reply to: