$TMPDIR (was Re: Security: Mutt and mailcap rules)

Derek Martin invalid at pizzashack.org
Tue Jul 2 12:33:21 UTC 2019


On Mon, Jul 01, 2019 at 05:01:20PM -0500, Derek Martin wrote:
> On Sat, Jun 29, 2019 at 03:09:57AM +0200, Vincent Lefevre wrote:
> > > This isn't a problem, except that you need to decide what to do when
> > > it happens.  In such a case your mkdir will fail, and you will have to
> > > resort to some back-up plan.
> > 
> > which is why I use /var/tmp. It's guaranteed to work.
> 
> How's that?  It has the exact same semantics as /tmp.  On a multiuser
> system, someone could log in after a reboot and create
> /var/tmp/vincent and you're in exactly the same boat.

FWIW was momentarily confused here... of course /var/tmp won't
auto-clean after a reboot.  But it will still need to be cleaned up
periodically by the sysadmin when it inevitably fills, and if your
directory is removed at that time the exploit becomes available.

-- 
Derek D. Martin    http://www.pizzashack.org/   GPG Key ID: 0xDFBEAD02
-=-=-=-=-
This message is posted from an invalid address.  Replying to it will result in
undeliverable mail due to spam prevention.  Sorry for the inconvenience.
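
The check and back-up plan discussed in this thread, as an added C example that is not part of the original message and is not Mutt's code: use a fixed per-user directory only if it is a real directory owned by the caller with no group/other access, otherwise fall back to `mkdtemp()`. The name `private_tmpdir` and its parameters are hypothetical, and the example assumes the parent directory is sticky, as /tmp and /var/tmp normally are.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper (not from Mutt): try to use the fixed per-user
 * directory `want` (e.g. /var/tmp/<user>); if it is missing it is created,
 * and if someone else created it first, a fresh mkdtemp() directory under
 * `base` is used instead. The chosen path is written to `out`.
 * Returns 0 if `want` is usable, 1 if the fallback was used, -1 on error. */
int private_tmpdir(const char *want, const char *base, char *out, size_t len)
{
    struct stat st;

    if (mkdir(want, 0700) == 0 || errno == EEXIST) {
        /* lstat, not stat: a symlink planted at `want` must not be followed. */
        if (lstat(want, &st) == 0 &&
            S_ISDIR(st.st_mode) &&                      /* real directory     */
            st.st_uid == geteuid() &&                   /* created by us      */
            (st.st_mode & (S_IRWXG | S_IRWXO)) == 0) {  /* closed to others   */
            /* Assumption: the parent is sticky, so other users cannot
             * rename or remove our directory after this check. */
            if ((size_t)snprintf(out, len, "%s", want) < len)
                return 0;
            return -1;
        }
    }
    /* Back-up plan: unpredictable name, created atomically with mode 0700. */
    if ((size_t)snprintf(out, len, "%s/private.XXXXXX", base) >= len)
        return -1;
    return mkdtemp(out) ? 1 : -1;
}
```

The same validation has to run again whenever the directory may have been removed in the meantime, for example after a periodic cleanup of /var/tmp.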
