[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: per-user temp directories by default?

Klaus Ethgen <Klaus@Ethgen.de> wrote:

> Am Fr den  4. Nov 2005 um  5:16 schrieb Noah Meyerhans:
>> Within the security team, there has recently been some talk of pushing
>> for per-user temp directories by default in etch.  I'd like to see what
> That whould be no good idea for security environment where you do
> special think to secure /tmp (make it in memory and encrypt swap). With
> tempdir in users home all applications like for example gpg write
> temporary files to this location which ends up unencrypted on a disk or,
> more bad over an unsecure NFS share to the fileserver.

What do the security people mean with per-user temp directories?  It's
clear that $HOME/tmp would be bad, but /tmp/$USERNAME/ with proper
permissions doesn't sound so awkward.

Regards, Frank
Frank Küster
Inst. f. Biochemie der Univ. Zürich
Debian Developer

Reply to: