enhance security via private TMP/TMPDIR by default
Enrico Scholz
enrico.scholz at informatik.tu-chemnitz.de
Wed May 18 22:25:11 UTC 2005
mattdm at mattdm.org (Matthew Miller) writes:
> Just a thought:
>
>
> /etc/profile.d/tmpdir.sh:
FWIW... I use
| #! /bin/bash
|
| T=/var/tmp/sessiondir-$USER
|
| dir=
| for i in $T.*; do
| test -d "$i" -a -O "$i" -a ! -L "$i" -a "$i" -nt /.autofsck || continue
| dir="$i"
| done
|
| test -n "$dir" || {
| dir=$(mktemp -d "$T.$(date +%s).XXXXXX") && \
| mkdir -p $dir/{tmp,redhat/{SOURCES,RPMS/{i{3,4,5,6}86,noarch,x86_64},SPECS,SRPMS,BUILD}} \
| $dir/cvsextras && \
| ln -s ../SRPMS $dir/redhat/RPMS/
| } || {
| echo "Failed to create tempdir" >&2
| exit 1
| }
|
| tmp="export ENSC_SESSIONDIR=$dir"
| eval $tmp
| echo "$tmp"
to create a session directory. It assigns one temporary directory per
machine cycle (detected by age of /.autofsck). So, e.g. two parallel ssh
logins will have the same sessiondir. Adding the date to its name make
'ls -l ...' show the recent directory last.
Enrico
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 480 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/fedora-devel-list/attachments/20050519/d6ad5731/attachment.sig>
More information about the fedora-devel-list
mailing list