$TMPDIR (was Re: Security: Mutt and mailcap rules)

Steffen Nurpmeso steffen at sdaoden.eu
Tue Jun 25 11:12:40 UTC 2019


Derek Martin wrote in <20190624233654.GB13989 at bladeshadow.org>:
 |On Tue, Jun 25, 2019 at 12:45:02AM +0200, Steffen Nurpmeso wrote:
 |> Hmm, while i totally support the $TMPDIR environment variable, and
 |> personally dislike it a lot if i set it and someone simply does
 |> not adhere to it, and if its only for testing purposes.., it shall
 |> be remarked that OpenBSD "removed support for $TMPDIR" in the base
 |> system, as far as i know and recall.  Are they young?  Well, yes..
 |
 |I think you must be mistaken, because A) that would be insane, B)
 |would require a lot of pointless work to remove it from many shell
 |utilities (and all of the shells), and C) I see references to it
 |being supported, for example in ssh and ssh-agent, the mktemp man
 |page, the ksh (openbsd's default shell) man page, etc..
 |
 |I did see reference to support for $TMPDIR being removed from crontab
 |("because it's not useful in crontab"), which seems kind of idiotic to
 |me, as well as sendbug and newfs (why would newfs need $TMPDIR anyway?
 |Though it seems useful in sendbug)... but that does not amount to it
 |being removed from the core system.

Well.. i think it was more about it, .. and grepping in the tree
it is true for all the in-base daemons and such, except ssh.
From grepping i see it still being used in tmpname.c of stdio,
which surprised me a bit.  My memory was about a ML thread where
usage of TMPDIR was "loudly" discouraged.

 |That said, none of it matters in the context of Mutt, unless they went
 |out of their way to remove support for it in their port... but even
 |then you can always just get the source.

It would have mattered from what comes in via the operating system
libraries, and tools _possibly_ called from within mutt, but
definetely those called during configuration/build, which is all
i wanted to say.

--steffen
|
|Der Kragenbaer,                The moon bear,
|der holt sich munter           he cheerfully and one by one
|einen nach dem anderen runter  wa.ks himself off
|(By Robert Gernhardt)


More information about the Mutt-dev mailing list