On Fri, Nov 04, 2005 at 01:00:48PM +0100, Klaus Ethgen wrote:
> That would be no good idea for security environment where you do
> special things to secure /tmp (make it in memory and encrypt swap). With
> tempdir in users home all applications like for example gpg write
> temporary files to this location which ends up unencrypted on a disk or,
> worse, over an insecure NFS share to the fileserver.
>
> Please don't do this by default as it breaks the security of many, many
> systems!

First of all, libpam_tmpdir doesn't put $TMP in $HOME. Second, we're
talking about the *default* configuration. If you're doing something
with encrypted swap or $HOME on NFS, you've already diverged quite a bit
from the default configuration, so your security would not be broken
even if $TMP was in $HOME. You'd simply have one single line to delete
from the default pam configuration.

noah