$TMPDIR (was Re: Security: Mutt and mailcap rules)

Derek Martin invalid at pizzashack.org
Tue Jul 2 12:33:21 UTC 2019

On Mon, Jul 01, 2019 at 05:01:20PM -0500, Derek Martin wrote:
> On Sat, Jun 29, 2019 at 03:09:57AM +0200, Vincent Lefevre wrote:
> > > This isn't a problem, except that you need to decide what to do when
> > > it happens.  In such a case your mkdir will fail, and you will have to
> > > resort to some back-up plan.
> >
> > which is why I use /var/tmp. It's guaranteed to work.
>
> How's that?  It has the exact same semantics as /tmp.  On a multiuser
> system, someone could log in after a reboot and create
> /var/tmp/vincent and you're in exactly the same boat.

FWIW was momentarily confused here... of course /var/tmp won't
auto-clean after a reboot.  But it will still need to be cleaned up
periodically by the sysadmin when it inevitably fills, and if your
directory is removed at that time the exploit becomes available.

Derek D. Martin    http://www.pizzashack.org/   GPG Key ID: 0xDFBEAD02
This message is posted from an invalid address.  Replying to it will result in
undeliverable mail due to spam prevention.  Sorry for the inconvenience.
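
The failure case discussed in this thread (a fixed per-user directory name under /tmp or /var/tmp already taken by someone else) and one possible back-up plan, as an added example that is not part of the original message and is not Mutt's code. The names private_tmpdir, dir_is_private and "example-user" are hypothetical, and the base directory is assumed to be sticky like /tmp.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* for lstat(), mkdtemp() */
#endif
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* 1 if path is a real directory (not a symlink), owned by uid, with no
 * group/other permission bits; 0 otherwise. */
static int dir_is_private(const char *path, uid_t uid)
{
    struct stat st;
    if (lstat(path, &st) != 0)
        return 0;
    return S_ISDIR(st.st_mode) && st.st_uid == uid &&
           (st.st_mode & (S_IRWXG | S_IRWXO)) == 0;
}

/* Try base/name; if the name is taken by something that is not our own
 * private directory, fall back to a random mkdtemp() name under base.
 * Assumes base is sticky (like /tmp), so others cannot swap our entry.
 * Returns 0 = fixed name used, 1 = fallback used, -1 = error. */
int private_tmpdir(const char *base, const char *name, char *out, size_t len)
{
    int n = snprintf(out, len, "%s/%s", base, name);
    if (n < 0 || (size_t)n >= len)
        return -1;
    if (mkdir(out, 0700) == 0)
        return 0;
    if (errno == EEXIST && dir_is_private(out, geteuid()))
        return 0;
    n = snprintf(out, len, "%s/%s.XXXXXX", base, name);   /* back-up plan */
    if (n < 0 || (size_t)n >= len)
        return -1;
    return mkdtemp(out) ? 1 : -1;
}

int main(void)
{
    char dir[4096];   /* "example-user" is a constructed sample name */
    int r = private_tmpdir("/var/tmp", "example-user", dir, sizeof dir);
    if (r < 0) { perror("private_tmpdir"); return 1; }
    printf("%s (%s)\n", dir, r ? "fallback" : "fixed name");
    return 0;
}
```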
