$TMPDIR (was Re: Security: Mutt and mailcap rules)
invalid at pizzashack.org
Tue Jul 2 12:33:21 UTC 2019
On Mon, Jul 01, 2019 at 05:01:20PM -0500, Derek Martin wrote:
> On Sat, Jun 29, 2019 at 03:09:57AM +0200, Vincent Lefevre wrote:
> > > This isn't a problem, except that you need to decide what to do when
> > > it happens. In such a case your mkdir will fail, and you will have to
> > > resort to some back-up plan.
> > which is why I use /var/tmp. It's guaranteed to work.
> How's that? It has the exact same semantics as /tmp. On a multiuser
> system, someone could log in after a reboot and create
> /var/tmp/vincent and you're in exactly the same boat.
FWIW was momentarily confused here... of course /var/tmp won't
auto-clean after a reboot. But it will still need to be cleaned up
periodically by the sysadmin when it inevitably fills, and if your
directory is removed at that time the exploit becomes available.
Derek D. Martin http://www.pizzashack.org/ GPG Key ID: 0xDFBEAD02
This message is posted from an invalid address. Replying to it will result in
undeliverable mail due to spam prevention. Sorry for the inconvenience.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: not available
More information about the Mutt-dev