$TMPDIR (was Re: Security: Mutt and mailcap rules)
Vincent Lefevre
vincent at vinc17.org
Wed Jun 26 14:26:44 UTC 2019
On 2019-06-25 14:26:16 -0500, Derek Martin wrote:
> On Tue, Jun 25, 2019 at 09:11:22PM +0200, Vincent Lefevre wrote:
> > On 2019-06-24 17:18:27 -0500, Derek Martin wrote:
> > > Mutt honors $TMPDIR. You should set it. You should probably not use
> > > /tmp, especially on a multi-user system, especially if you care about
> > > security (privacy to be more precise, but that's part of security).
> > > You should probably also not put it on NFS.
> >
> > On the multi-user machines I use, my home is under NFS. So, there
> > isn't much choice. The other directories I can use are just like
> > /tmp.
>
> BUT... you still can do better than just using /tmp. You can create,
> say, /tmp/vincent, with 700 perms, which effectively solves most of the
> problem. Then set TMPDIR to that. :)
Mutt should do the creation of the intermediate directory for me.
> In some cases it might get cleaned up, but you can just have your
> .profile (or whatever) recreate it when you log in... FWIW this is
> probably what I would do in that case.
But if the directory has already been created by someone else,
this is not OK. The solution must be compatible with Mutt's
$tmpdir variable (which will not affect other applications,
contrary to $TMPDIR).
> You could still use your home directory too... most of the trouble is
> that you have to trust your sysadmins.
If there's a security issue there, then there's nothing one can do:
my account could be hacked and everything could be read. The problem
is more the reliability of NFS. So temporary files are better put
somewhere else.
> The other reason to avoid using /tmp (or another world-writable
> directory) is avoiding things like symlink attacks, and similar
> classes of things.
At least symlink attacks are now protected by the kernel (and BTW, a
bug in some Debian package related to a symlink attack is no longer
regarded as a security bug by Debian, no longer RC).
--
Vincent Lefèvre <vincent at vinc17.net> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)
More information about the Mutt-dev
mailing list