Bug#373786: /etc/cron.daily/exim4-base should unset TMPDIR
Marc Haber
mh+debian-packages at zugschlus.de
Mon Jul 3 08:44:14 UTC 2006
On Mon, Jul 03, 2006 at 08:48:21AM +0200, Tollef Fog Heen wrote:
> * Marc Haber
> | A workaround possible for Debian-exim could be
> | mkdir $TMPDIR/Debian-exim
> | chown Debian-exim $TMPDIR/Debian-exim
> | TMPDIR=$TMPDIR/Debian-exim start-stop-daemon --chuid Debian-exim some_job
> | which might also expose a file system which should only be writeable
> | for root for a non-root user.
> |
> | Piotr, would this be an acceptable workaround for you?
> |
> | libpam-tmpdir maintainer, is this an acceptable workaround from a
> | libpam-tmpdir point of view?
>
> Apart from the fact that you won't be able to access
> /tmp/user/0/Debian-exim due to /tmp/user/0 being mode 0700, it'll
> work.

One would have to chown 701 /tmp/user/0. Would that open too big a
security hole in your opinion?

> So no, this won't really work; if you do that, you either need to
> check if $TMPDIR/Debian-exim is accessible to Debian-exim or you need
> to make sure it is.

I'd like to make sure it is.

> | dpkg-maintainer, is it possible to have start-stop-daemon do a pam
> | call in case of --chuid so that TMPDIR is set correctly?
>
> This would be the best solution, IMO.

I hope the dpkg guys agree.

Greetings
Marc
--
-----------------------------------------------------------------------------
Marc Haber | "I don't trust Computers. They | Mail address in header
Mannheim, Germany | lose things." Winona Ryder | Phone: *49 621 72739834
Nordisch by Nature | How to make an American Quilt | Fax: *49 621 72739835
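
The accessibility check discussed in this message (whether a non-root user can reach `$TMPDIR/Debian-exim` when `/tmp/user/0` is mode 0700), as an added example that is not part of the original mail or of the exim4, dpkg or libpam-tmpdir packages. The function name `first_blocked`, the uid/gid 64999 and the temporary directory tree are hypothetical; GNU `stat` is assumed.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes GNU stat (coreutils), as on Debian.
# Only classic mode bits are evaluated; ACLs and capabilities are ignored.

# first_blocked UID "GID ..." BASE REL
# Walk BASE/REL one component at a time and print the first directory that the
# given uid/gids cannot search (missing x bit in the class that applies).
# Returns 0 if every component is searchable, 1 if one is blocked, 2 on error.
first_blocked() {
    uid=$1 gids=$2 dir=$3 rel=$4
    [ "$uid" -eq 0 ] && return 0      # root is not subject to the search check
    set -f; old_ifs=$IFS; IFS=/
    for part in $rel; do
        IFS=$old_ifs; set +f
        [ -n "$part" ] || continue
        dir=$dir/$part
        o=$(stat -c %u "$dir") && g=$(stat -c %g "$dir") &&
            mode=$(stat -c %a "$dir") || { echo "$dir"; return 2; }
        if [ "$o" -eq "$uid" ]; then bit=0100        # owner class
        else
            case " $gids " in
                *" $g "*) bit=0010 ;;                # group class
                *)        bit=0001 ;;                # other class
            esac
        fi
        if [ $(( 0$mode & $bit )) -eq 0 ]; then
            echo "$dir"
            return 1
        fi
    done
    IFS=$old_ifs; set +f
    return 0
}

# Constructed demo tree mirroring /tmp/user/0/Debian-exim from the thread;
# uid/gid 64999 is a made-up unprivileged account.
demo_base=$(mktemp -d)
mkdir -p "$demo_base/user/0/Debian-exim"
chmod 0755 "$demo_base/user" "$demo_base/user/0/Debian-exim"
chmod 0700 "$demo_base/user/0"
echo "0700: blocked at '$(first_blocked 64999 64999 "$demo_base" user/0/Debian-exim || true)'"
chmod 0701 "$demo_base/user/0"
echo "0701: blocked at '$(first_blocked 64999 64999 "$demo_base" user/0/Debian-exim || true)'"
rm -rf "$demo_base"
```

The function checks the search (x) bit only; creating files in the final directory additionally needs write permission there.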
More information about the Pkg-exim4-maintainers mailing list