pam-tmpdir promote to main?
john.r.moser at gmail.com
Wed Oct 17 15:01:28 UTC 2012
On Wed, Oct 17, 2012 at 10:52 AM, Marc Deslauriers
<marc.deslauriers at canonical.com> wrote:
> Now that we have symlink restrictions in Ubuntu, security issues with
> using the /tmp directory are greatly reduced.
> Since Quantal now sets $XDG_RUNTIME_DIR, apps should use it or one of
> the other $XDG_* locations to store temporary user data. If use of /tmp
> is still necessary, apps should simply assign appropriate permissions to
> the files they create in /tmp.
I'm more concerned with keeping the contents of /tmp private. When I
filed bugs for Thunderbird and Firefox years ago (which never got
fixed) I pointed out things like site designations, client names, and
(amusingly) pornography being leaked through /tmp. Which has got to
be great when you're 15 and peeking at /tmp to see what kinds of
flicks your dad's been downloading, though now everything streams in
Well, except torrent names, which are spewed all over the place, and
stay there until reboot.
> Please file bugs on any app that doesn't currently do this properly.
> Marc Deslauriers
> Ubuntu Security Engineer | http://www.ubuntu.com/
> Canonical Ltd. | http://www.canonical.com/
> Ubuntu-devel-discuss mailing list
> Ubuntu-devel-discuss at lists.ubuntu.com
> Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
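The advice quoted above (prefer $XDG_RUNTIME_DIR, otherwise set appropriate permissions in /tmp) can be combined with the reply's concern about file names being visible. This is an added example, not code from the thread or from Ubuntu; the function names `private_scratch_dir` and `create_private_file` are hypothetical. It keeps scratch files inside a 0700 directory so that other users cannot list their names.

```python
import os
import stat
import tempfile


def _is_private(path):
    """True if path is a directory owned by us with no group/other access."""
    try:
        st = os.stat(path)
    except OSError:
        return False
    return (stat.S_ISDIR(st.st_mode)
            and st.st_uid == os.getuid()
            and stat.S_IMODE(st.st_mode) & 0o077 == 0)


def private_scratch_dir(app_name, env=None):
    """Return a directory whose contents and file names only this user can read."""
    env = os.environ if env is None else env
    runtime = env.get("XDG_RUNTIME_DIR")
    if runtime and _is_private(runtime):
        path = os.path.join(runtime, app_name)
        os.makedirs(path, mode=0o700, exist_ok=True)
        os.chmod(path, 0o700)  # makedirs mode is filtered by the umask
        return path
    # Fallback: mkdtemp creates a randomly named, mode-0700 directory, so
    # nothing placed inside it shows up in a listing of the shared /tmp.
    return tempfile.mkdtemp(prefix=app_name + "-")


def create_private_file(directory, name):
    """Create a new 0600 file; fail if the path already exists."""
    # O_EXCL refuses a pre-existing path (including a planted symlink).
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL
    fd = os.open(os.path.join(directory, name), flags, 0o600)
    return os.fdopen(fd, "w")


if __name__ == "__main__":
    scratch = private_scratch_dir("demo-app")  # constructed app name
    with create_private_file(scratch, "download.part") as fh:
        fh.write("scratch data\n")
    print(scratch, oct(stat.S_IMODE(os.stat(scratch).st_mode)))
```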