[debian-mysql] Bug#1023778: TMPDIR behaviour in maintainer scripts [was: Re: Bug#1023778: mysql-server-8.0: fails to restart on upgrade with libpam-tmpdir]

[Tollef Fog Heen]

]] Robie Basak 

> But are you in essence saying that libpam-tmpdir requires that *every
> maintainer script* that runs things as non-root, or starts processes
> that do that, unset TMPDIR first?

I think it's more wide than that: If you change UID, you need to
sanitise the environment.  Your HOME is likely to be wrong.  PATH might
very well be pointing at directories which are not appropriate for the
user you're changing the UID to, etc.

> I think the answer to this should probably be established by the
> libpam-tmpdir maintainer and documented first, for fear of someone else
> later coming along and saying that the maintainer script incorrectly
> ignores TMPDIR because we started ignoring it to resolve this bug. So I
> copied debian-devel@ for comment.

I'm not sure this is libpam-tmpdir specific, but rather a bit more
general: what are the expectations that maintainer scripts can have
about the environment they're running in, and how do we make those
expectations hold?  This should probably then be documented in policy.

Cheers,
-- 
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are