pam-tmpdir promote to main?

John Moser john.r.moser at
Wed Oct 17 15:01:28 UTC 2012

On Wed, Oct 17, 2012 at 10:52 AM, Marc Deslauriers
<marc.deslauriers at> wrote:
> Now that we have symlink restrictions in Ubuntu, security issues with
> using the /tmp directory are greatly reduced.
> Since Quantal now sets $XDG_RUNTIME_DIR, apps should use it or one of
> the other $XDG_* locations to store temporary user data. If use of /tmp
> is still necessary, apps should simply assign appropriate permissions to
> the files they create in /tmp.

I'm more concerned with keeping the contents of /tmp private.  When I
filed bugs for Thunderbird and Firefox years ago (which never got
fixed) I pointed out things like site designations, client names, and
(amusingly) pornography being leaked through /tmp.  Which has got to
be great when you're 15 and peeking at /tmp to see what kinds of
flicks your dad's been downloading, though now everything streams in

Well, except torrent names, which are spewed all over the place, and
stay there until reboot.

> Please file bugs on any app that doesn't currently do this properly.
> Marc.
> --
> Marc Deslauriers
> Ubuntu Security Engineer
> Canonical Ltd.

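An added example, not part of either poster's message: it sketches the two points raised in the thread, preferring $XDG_RUNTIME_DIR for temporary user data and, when /tmp must be used, keeping file names as well as contents out of view by working inside a mode 0700 directory. The function names and the sample file name are hypothetical.

```python
import os
import stat
import tempfile


def is_private_dir(path):
    """True if path is a directory we own with no group/other permission bits."""
    try:
        st = os.stat(path)
    except OSError:
        return False
    return (stat.S_ISDIR(st.st_mode) and st.st_uid == os.getuid()
            and stat.S_IMODE(st.st_mode) & 0o077 == 0)


def private_scratch_dir(prefix="app-"):
    """Make a per-run directory, preferring $XDG_RUNTIME_DIR over /tmp."""
    base = os.environ.get("XDG_RUNTIME_DIR")
    if not (base and is_private_dir(base)):
        base = tempfile.gettempdir()  # usually /tmp, mode 1777
    # mkdtemp creates the directory mode 0700 with an unpredictable suffix,
    # so names placed inside it cannot be listed by other users.
    return tempfile.mkdtemp(prefix=prefix, dir=base)


def write_private(directory, name, data):
    """Create directory/name mode 0600; fail if the path already exists."""
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    path = os.path.join(directory, name)
    fd = os.open(path, flags, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return path


def name_listable_by_others(path):
    """True if the containing directory grants read (listing) to 'other'.

    Simplification: only the immediate parent is checked, not every ancestor.
    """
    parent = os.path.dirname(os.path.abspath(path))
    return bool(stat.S_IMODE(os.stat(parent).st_mode) & stat.S_IROTH)


if __name__ == "__main__":
    scratch = private_scratch_dir()
    # Constructed sample name: descriptive, like a download or attachment.
    p = write_private(scratch, "client-acme-contract.pdf", b"sample")
    print(p, "name visible to others:", name_listable_by_others(p))
```

A file created mode 0600 directly in /tmp protects its contents but still exposes its name, which is the leak described in the reply above; the 0700 parent directory is what hides the name.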