Bug#337279: yaird: /boot != /tmp
On Thu, Nov 03, 2005 at 09:20:55PM +0100, Sven Luther wrote:
> On Thu, Nov 03, 2005 at 09:12:35PM +0100, Jonas Smedegaard wrote:
> > On Thu, 3 Nov 2005 20:31:40 +0100 Sven Luther <sven.luther@wanadoo.fr> wrote:
> > > On Thu, Nov 03, 2005 at 11:44:23AM -0500, Anthony DeRobertis wrote:
> > > > /boot is for "static files of the boot loader" according to the FHS.
> > > > yaird is attempting to use it as /tmp, and failing horribly as it
> > > > runs out of inodes:
> >
> > > A tmpfs could also be used for that, could it not ?
> >
> > The problem is at ramdisk build time, not at boot time, so no need for
> > fancy stuff: Better use plain standard /tmp I guess.
>
> Make sure you create a subdir in a secure way, there where loads of security
> issues involving this in the past.
Which is exactly why /tmp is not used. By using a relative path,
the side effect is that the temp file is created in a location
that the admin deemed safe enough for use. This avoids the whole complicated
discussion in
http://www.dwheeler.com/secure-programs/Secure-Programs-HOWTO/avoid-race.html#TEMPORARY-FILES
and works perfectly, except of course if you try to use a target directory
with 64 inodes, > 50% full ...
Using $TMPDIR may be workable: this allows the security conscious to set TMPDIR=$HOME/tmp,
and TMPDIR=/tmp for users with inode constraints on their target directory.
Regards,
Erik
Reply to: