[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: per-user temp directories by default?

On Fri, Nov 04, 2005 at 01:00:48PM +0100, Klaus Ethgen wrote:
> That whould be no good idea for security environment where you do
> special think to secure /tmp (make it in memory and encrypt swap). With
> tempdir in users home all applications like for example gpg write
> temporary files to this location which ends up unencrypted on a disk or,
> more bad over an unsecure NFS share to the fileserver.
> Please don't do this by default as it break the security of many, many
> systems!

First of all, libpam_tmpdir doesn't put $TMP in $HOME.  Second, we're
talking about the *default* configuration.  If you're doing something
with encrypted swap or $HOME on NFS, you've already diverged quite a bit
from the default configuration, so your security would not be broken
even if $TMP was in $HOME.  You'd simply have one single line to delete
from the default pam configuration.


Attachment: signature.asc
Description: Digital signature

Reply to: