[debian-mysql] Bug#1023778: TMPDIR behaviour in maintainer scripts [was: Re: Bug#1023778: mysql-server-8.0: fails to restart on upgrade with libpam-tmpdir]

[Robie Basak]

On Thu, Nov 10, 2022 at 12:08:55PM +0100, Marco d'Itri wrote:
> > But are you in essence saying that libpam-tmpdir requires that *every
> > maintainer script* that runs things as non-root, or starts processes
> > that do that, unset TMPDIR first?
> This would not be right, because it is totally valid to set $TMPDIR for 
> the root user too.
> The real issue here is that TMPDIR, like some other variables, should 
> not be propagated when switching privileges from the user to root.
> 
> But here we have ANOTHER issue: whatever ends up initialising mysql does 
> not run as root, but still uses $TMPDIR provided by the root environment.
> Since there is no guarantee at all that $TMPDIR can be accessed (not 
> just be writeable!) by other users then in this case it is correct to 
> request that the package ignores $TMPDIR.

I think this statement is in violent agreement with the statement I made
above?

I agree that there is now no guarantee that $TMPDIR can be accessed,
because of what libpam-tmpdir is doing. However, if you were to ask an
expert from the nineties, that was a reasonable assumption. So what
changed, and where and how precisely is this change supposed to be
accomodated? Every relevant maintainer script? dpkg? Or somewhere else?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-mysql-maint/attachments/20221113/364a21bb/attachment.sig>