[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: per-user temp directories by default?

pe, 2005-11-04 kello 13:00 +0100, Klaus Ethgen kirjoitti:
> Am Fr den  4. Nov 2005 um  5:16 schrieb Noah Meyerhans:
> > Within the security team, there has recently been some talk of pushing
> > for per-user temp directories by default in etch.  I'd like to see what
> That whould be no good idea for security environment where you do
> special think to secure /tmp (make it in memory and encrypt swap). With
> tempdir in users home all applications like for example gpg write
> temporary files to this location which ends up unencrypted on a disk or,
> more bad over an unsecure NFS share to the fileserver.
> Please don't do this by default as it break the security of many, many
> systems!

I don't think the suggestion was to make TMP=~/tmp, but TMP=/tmp/$USER,
where /tmp/$USER is owned by the user in question and is inaccessible to
others. Or perhaps I read too much into the proposal?

Communication via acronyms is rfs.

Reply to: