Bug#373786: /etc/cron.daily/exim4-base should unset TMPDIR

Marc Haber mh+debian-packages at zugschlus.de
Fri Jun 30 16:19:28 UTC 2006


retitle #373786 /etc/cron.daily/exim4-base fails with libpam-tmpdir
clone #373786 -1 
reassign -1 dpkg
retitle -1 start-stop-daemon: should use PAM in --chuid setting
submitter -1 mh+debian-bugs at zugschlus.de
thanks

On Thu, Jun 15, 2006 at 04:22:54PM +0200, Piotr Kaczuba wrote:
> /etc/cron.daily/exim4-base should unset TMPDIR, so when one is using
> pam_tmpdir, the cron script could successfully do its work. The cron
> script uses find with chuid, and as a result tempnam() fails because
> it doesn't have access to the temp directory set by pam_tmpdir.

From what I guess is that the bug reporter has libpam-tmpname
installed, and thus, for /etc/cron.daily/exim4-base, TMPDIR gets set
to /tmp/root, which is only writeable for root. The cron script then
proceeds to call "start-stop-daemon --chuid Debian-exim some_job",
with some_job using tempnam() to obtain a temporary file name,
honoring TMPDIR, which is not writeable by Debian-exim, the account
some_job is running as.

After discussing the issue on IRC with mrvn, jvw and waldi, I have
learned that applications are encouraged to use TMPDIR instead of a
hard-coded /tmp. Additionally, it is wrong to make the directory
$TMPDIR points to writeable for Debian-exim as it might be in a place
where only root should be able to write to.

Hence, the right thing to do is to set TMPDIR to a directory that is
writeable by Debian-exim.

A workaround possible for Debian-exim could be
    mkdir $TMPDIR/Debian-exim
    chown Debian-exim $TMPDIR/Debian-exim
    TMPDIR=$TMPDIR/Debian-exim start-stop-daemon --chuid Debian-exim some_job
which might also expose a file system which should only be writeable
for root for a non-root user.

Piotr, would this be an acceptable workaround for you?

libpam-tmpdir maintainer, is this an acceptable workaround from a
libpam-tmpdir point of view?

dpkg-maintainer, is it possible to have start-stop-daemon do a pam
call in case of --chuid so that TMPDIR is set correctly?

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 72739835
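
Added example, not part of the original mail and not code from the exim4 or dpkg packages: a check a root-run script can make before it starts a job under another uid, deciding whether the inherited TMPDIR is usable by that uid or should be dropped. The function name usable_tmpdir is hypothetical; the check assumes GNU stat (as on Debian) and looks only at owner and mode bits, not at group membership or ACLs.

```shell
#!/bin/sh
# Added example: decide whether a job started under another uid may inherit
# the caller's TMPDIR (e.g. the root-only directory set up by pam_tmpdir).
# Assumption: GNU stat from coreutils is available.

# usable_tmpdir DIR UID
# Prints DIR if a process running as UID could create files in it, judged
# from the directory's owner and mode bits; prints nothing otherwise.
usable_tmpdir() {
    dir=$1 uid=$2
    [ -n "$dir" ] && [ -d "$dir" ] || return 0
    # root can write regardless of mode bits
    if [ "$uid" -eq 0 ]; then printf '%s\n' "$dir"; return 0; fi
    # -L: judge the directory a symlink points to, not the link itself
    # %u = owner uid, %a = permission bits in octal (e.g. 700, 1777)
    set -- $(stat -L -c '%u %a' "$dir" 2>/dev/null)
    [ $# -eq 2 ] || return 0
    owner=$1 mode=$2
    if [ "$owner" -eq "$uid" ] && [ $(( 0$mode & 0300 )) -eq $(( 0300 )) ]; then
        # private directory owned by the target uid (write + search)
        printf '%s\n' "$dir"
    elif [ $(( 0$mode & 01003 )) -eq $(( 01003 )) ]; then
        # shared directory, world-writable AND sticky, like /tmp
        printf '%s\n' "$dir"
    fi
    # world-writable without the sticky bit is rejected on purpose:
    # other users could remove or replace the job's temporary files
    return 0
}

# Use in a cron script before dropping privileges (command line as in the
# mail above; some_job is the mail's placeholder):
#   t=$(usable_tmpdir "$TMPDIR" "$(id -u Debian-exim)")
#   if [ -n "$t" ]; then TMPDIR=$t; export TMPDIR; else unset TMPDIR; fi
#   start-stop-daemon --chuid Debian-exim some_job
```

With TMPDIR=/tmp/root (owned by root, not accessible to others) the function prints nothing for the Debian-exim uid, so the script unsets TMPDIR and the job falls back to the default temporary directory.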
