Suggestion: Leaky temp directory with encrypted home directories

Rob King jking at
Thu Jul 1 19:55:56 UTC 2010

Hello everyone,
   Ubuntu's encrypted home directory feature is quite useful, and a good way
of increasing the security and privacy of information.

   However, the scheme is a little "leaky". Applications still use the
default system-wide temporary directory (/tmp), which is not encrypted. For
applications that store things in the temporary directory, this can cause
leaks of sensitive information outside the encrypted home directory. For
things like Deja Dup, this can cause the entire contents of the home
directory to be copied into an unencrypted area.

   I would suggest that, when a user enables the encrypted home directory
feature, the TMPDIR directory is set to a temporary directory inside that
user's home directory. This could easily be done in desktop sessions by
modifying ~/.xsessionrc. I'm not sure how easy this would be for
command-line logins.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the Ubuntu-devel-discuss mailing list