[Pkg-privacy-maintainers] Bug#656750: [monkeysphere] Bug#656750: monkeysphere: wrongly preserves TMPDIR across accounts
Sunil Mohan Adapa
sunil at medhas.org
Thu Jan 17 02:40:06 GMT 2019
tags 656750 + patch
thanks
On Mon, 23 Jan 2012 12:55:58 -0500 Daniel Kahn Gillmor
<dkg at fifthhorseman.net> wrote:
> On 01/23/2012 12:19 PM, Jameson Graef Rollins wrote:
> > It occurs to me that we already have/use a tmp directory in the
> > monkeysphere authentication directory
> > (/var/lib/monkeysphere/authentication/tmp). Maybe we should just
> > explicitly set TMPDIR for the monkeysphere user to be that?
>
> Doing this and documenting it clearly seems like a reasonable approach
> to me.
>
> --dkg
>
The attached patch fixes the problem. Patch sets TMPDIR to
/var/lib/monkeysphere/authentication/tmp only when needed, but I have
tested other cases where temporary directory was being created.
* Need Change
- monkeysphere-host: add_revoker: with key from a remote server and with
key file.
- monkeysphere-host: publish_key:
- monkeysphere-authentication: add_certifier: with key from remote
server and with key file.
* No change needed:
- monkeysphere-host: show_key: does not use monkeysphere user.
- monkeysphere-host: revoke_key: does not use monkeysphere user. So any
temporary directory works.
- monkeysphere: import_subkey: does not use monkeysphere user. Not
implemented yet.
- monkeysphere: gen_subkey: does not use monkeysphere user.
- monkeysphere-authentication: update_users: Creates files that are fed
to less privileged process via stdin. Could not test properly.
With this change, I am hoping for a new release of monkeysphere suitable
for FreedomBox in buster.
Thanks,
--
Sunil
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Better-sharing-of-temp-directory-across-root-and-mon.patch
Type: text/x-patch
Size: 5694 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-privacy-maintainers/attachments/20190116/2ecda6ec/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://alioth-lists.debian.net/pipermail/pkg-privacy-maintainers/attachments/20190116/2ecda6ec/attachment.sig>
More information about the Pkg-privacy-maintainers
mailing list