[debian-mysql] Bug#1023778: TMPDIR behaviour in maintainer scripts [was: Re: Bug#1023778: mysql-server-8.0: fails to restart on upgrade with libpam-tmpdir]

Sam Hartman hartmans at debian.org
Sun Nov 13 22:03:49 GMT 2022


>>>>> "Otto" == Otto Kekäläinen <otto at kekalainen.net> writes:
    Otto> Instead of manually trying to manage TMPDIR env variable in
    Otto> various places, we should have a standardized way to run
    Otto> maintainer scripts in clean shell sessions that have all env
    Otto> variables set automatically correctly.

I think trusting TMPDIR when running a maintainer script as root is
fine.\
The sanitization should happen by sudo (or su or sshd) which is what
gates you into root privilege.

The issue with the mysql/mariadb scripts is that they are taking root's
environment and applying it to the mysql user.
So, those scripts need to do additional sanitization/trimming of the
environment.
But that comes up because those scripts are introducing a uid
transition.



More information about the pkg-mysql-maint mailing list