[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

About (TWiki/web apps) sessions save dir - Was: Re: RFS: Second try for twiki-ldapcontrib, new upstream version - Re: RFS: twiki-ldapcontrib - LDAP services for TWiki

Hi Vincent.

Le samedi 16 août 2008 à 13:26 +0200, Vincent Bernat a écrit :
> I would be happy  to upload your fix but I disagree  with it. As pointed
> by Olivier at the end of the  bug report, /tmp can be flushed at boot or
> by some cronjobs. Therefore, you  cannot ensure that the twiki directory
> still exists when twiki will be running.
> I  cannot  give  an  universal   solution,  but  in  Roundcube,  we  use
> /var/lib/roundcube/temp and  we provide  a cron job  that will  clean it
> every m days where <m> can  be set by the user in /etc/default/roundcube
> (and I just noticed that this is broken... will upload a fix). This way,
> we don't fill  up /var but we don't rely on  anything in /tmp. Moreover,
> we  don't have  to handle  a complex  script in  postinst  to circumvent
> symlinks attacks.
> The problem with webapps is that we don't have a clear policy of what to
> do. You  can just  look at other  packages, like  phpmyadmin, mediawiki,
> etc. Each attempt to establish a webapps policy seems to be aborted.

That's why I asked for advice on debian-devel@ with no success :(

Feel free to comment anyway ;)

Best regards,
Olivier BERGER <olivier.berger@it-sudparis.eu>
http://www-public.it-sudparis.eu/~berger_o/ - OpenPGP-Id: 1024D/6B829EEC
Ingénieur Recherche - Dept INF
Institut TELECOM, SudParis (http://www.it-sudparis.eu/), Evry (France)

Reply to: