Re: Possible mass bug filing: The possibility of attack with the help of symlinks in some Debian packages
Dmitry E. Oboukhov wrote:
> EVL>>> The idea behind libpam-tmpdir is that it creates a subdirectory of /tmp
> EVL>>> that is only accessible by that user, and then sets TMPDIR and other
> EVL>>> variables to that. Hence, it doesn't matter nearly as much if you
> EVL>>> create a non-random filename, because nobody but you can access it.
> EVL>> Yes, but
> EVL>> scripts must use $TMPDIR instead '/tmp' or mktemp/tempfile utils :)
> EVL> tempfile uses $TMPDIR by default :)
> scripts must use $TMPDIR or _must_ _use_ mktemp/tempfile ;)
Why use $TMPDIR at all?
$TMPDIR may not be set (libpam-tmp may not be installed), so you have
to test for it. If the test fails, you have to fall back to mktemp or
As mktemp and tempfile are both essential, they can be relied upon.
If $TMPDIR is set, it may be set to something bad, like /tmp. You can be
left with the exact same problem you are trying to solve.
Both mktemp and tempfile support $TMPDIR, and will fall back gracefully
if $TMPDIR does not exist in the environment.
My impression is that mktemp or tempfile should be used, and ignore
TMPDIR anyway. If you really need a directory to write lots of files to,
mktemp -d is there for you.
Is there any scenario where using mktemp or tempfile fails, and sing
 % aptitude search libpam-tmp
p libpam-tmpdir - automatic per-user temporary directories
 % aptitude show $(dpkg -S $(which mktemp tempfile) | sed 's/:.*//') | grep -E '^(Pa|E)'
 I liked  too much to remove it. Sorry.
John H. Robinson, IV firstname.lastname@example.org
WARNING: I cannot be held responsible for the above, sbih.org ( )(:[
as apparently my cats have learned how to type. spiders.html ((((