[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Mutt & tmp files

On Thu, Nov 15, 2001 at 11:09:41PM -0800, Craig Dickson wrote:
> Wade Richards wrote:
> > >I still say the bottom line is, if you don't trust root, don't use his
> > >machine.
> > This is the sort of absolutist nonsense that gives security experts a
> > bad name.  After all, anyone armed with a chainsaw can cut through a
> > solid oak door in a matter of hours, so why bother installing a deadbolt
> > on your door?
> To keep out all the people who don't have chainsaws, obviously. But on
> *nix machines, root has a chainsaw, and plenty of other tools also. He
> can also get a key to your deadbolt if he really wants it.

    What you're trying to do is "threat modeling", and quite frankly I'm
    in complete agreement with the statement that "if those with the
    root password are in your threat model, it's time to find another

    That said, the first thing to do is set the environmental variable
    "TMPDIR" to something under your home directory, and something only
    readble by you (well, and root). This gets it out of generic land. 

Share and Enjoy. 

Reply to: