pam-tmpdir promote to main?
Marc Deslauriers
marc.deslauriers at canonical.com
Wed Oct 17 14:52:41 UTC 2012
On 12-10-17 10:19 AM, John Moser wrote:
> Can we promote pam-tmpdir to main instead of universe for 13.04? It
> seems to work pretty well now, and so I recommend activating it by
> default early in the development cycle. Very early. Like first
> change early: pam-tmpdir is part of the base system default install.
>
> The rationale for this is pam-tmpdir makes changes to $TMP and $TMPDIR
> which affect application behavior. Non-conforming applications will
> dump their temp files into /tmp anyway; conforming applications using
> $TMP or $TMPDIR will put them in a user-specific directory. SOME
> applications may break--they shouldn't, but GDM broke in 2004 so I
> could see things breaking.
>
> Applications ceasing to function is what I'm interested in. Anything
> that's built and tested that fails to run properly under pam-tmpdir.
>
> pam-tmpdir creates a root-owned directory /tmp/users with permissions
> o=--x. Upon log-on, pam creates a directory /tmp/users/$UID/ owned by
> the user and with permissions 700. That becomes $TMP and $TMPDIR, and
> so most applications put their temporary files there.
>
Now that we have symlink restrictions in Ubuntu, security issues with
using the /tmp directory are greatly reduced.

Since Quantal now sets $XDG_RUNTIME_DIR, apps should use it or one of
the other $XDG_* locations to store temporary user data. If use of /tmp
is still necessary, apps should simply assign appropriate permissions to
the files they create in /tmp.

Please file bugs on any app that doesn't currently do this properly.

Marc.
--
Marc Deslauriers
Ubuntu Security Engineer | http://www.ubuntu.com/
Canonical Ltd. | http://www.canonical.com/
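
An added example, not part of the original message and not code from pam-tmpdir: one way an application can act on the advice in this thread, preferring a private per-user directory named by $XDG_RUNTIME_DIR, $TMPDIR or $TMP and otherwise creating an owner-only file in /tmp. The function names and the `shared` parameter are assumptions made for illustration.

```python
import os
import stat
import tempfile


def is_private_dir(path, uid):
    """True if path is a real directory owned by uid with no group/other access."""
    try:
        st = os.lstat(path)  # lstat: do not follow a symlink planted at this path
    except OSError:
        return False
    return (stat.S_ISDIR(st.st_mode)
            and st.st_uid == uid
            and stat.S_IMODE(st.st_mode) & 0o077 == 0)  # e.g. 0700, as pam-tmpdir sets


def pick_private_dir(env, uid):
    """Return the first per-user directory named in env that passes the check, else None."""
    for var in ("XDG_RUNTIME_DIR", "TMPDIR", "TMP"):
        path = env.get(var)
        if path and os.path.isabs(path) and is_private_dir(path, uid):
            return path
    return None


def create_temp_file(env=None, uid=None, prefix="app-", shared="/tmp"):
    """Create an owner-only temp file; return (fd, path, used_private_dir).

    Hypothetical helper: `shared` is the world-writable fallback directory.
    """
    env = os.environ if env is None else env
    uid = os.getuid() if uid is None else uid
    base = pick_private_dir(env, uid)
    # mkstemp opens with O_CREAT|O_EXCL and mode 0600, so even in the shared
    # directory the file is newly created and never group- or world-accessible.
    fd, path = tempfile.mkstemp(prefix=prefix, dir=base or shared)
    return fd, path, base is not None
```

A directory that is group- or world-accessible, owned by another user, or reached through a symlink is skipped, so a wrong $TMPDIR degrades to the owner-only file in /tmp rather than to a shared location with loose permissions.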