enhance security via private TMP/TMPDIR by default
Alan Cox
alan at redhat.com
Fri May 27 20:54:47 UTC 2005
On Fri, May 27, 2005 at 04:15:45PM -0400, Peter Jones wrote:
> Yeah, that's better than just blindly using ~/tmp/. But why have the
> extra complexity? Why not always do mktemp and the bind+namespace
> magic? This does have some advantage -- all users' tmp dirs are created
> the way the admin intended when he set the system up, and they're easy
> to find if he needs to look for them, for whatever reason.
There is another ~/tmp problem to worry about. Quite a few programs behave
badly on start up if they can't write to their tmp files. ~/tmp combined with
quota will make this worse.
Alan (who used /tmp/$USER as /tmp when playing with this stuff)
More information about the fedora-devel-list
mailing list