Temporary files & stable versions
junk_mail at iol.ie
Wed Sep 26 07:20:45 PDT 2007
On Wed, 2007-09-26 at 00:10 -0400, Robert Connolly wrote:
> Hello. There's another topic I don't think I've gotten around to properly.
> Each package can have different ways of dealing with temporary files... some
> write to /tmp, some to /var/tmp, some to $HOME/tmp, some to $TMPDIR, some to
> the current directory, and I'm not sure what else.
> Either way, I'd like to hear feedback about this issue. I feel it's an audit
> issue... a bug.
I think you correctly made a split between recoverable and non-recoverable
files. Ghostscript and Acroread (if anyone uses that) both
leave temporary files in /tmp regardless and they could be considered a
security risk, as /tmp is 0666 at least.
That said, let's get real: Expecting support from GNU is like expecting
them to write a decent libc. Pointing $TMPDIR & /var/tmp --> ~/tmp might
help you. If you are negotiating multi-million dollar contracts using a
server online 24/7 as your word processor this is a real issue. But
tying yourself in knots has to be worth it. A cron call of a script
suggests itself to simply scrub temp files periodically. As to nobody
else, I can say: "YOUR distro - your rules" to you, but something like
changing the name of the user with UID 0 might be a better endeavour?
su: user root does not exist
As for HLFS-1.0, go for it. Don't become a hint. Never mind automating
this. Critical toolchain software is becoming less stable IMHO.
Nevertheless, stable versions of a 2.6 kernel, and comparatively stable
toolchain options exist without going as far back as 2.4 kernels.
If you have to go back there, IMHO it isn't ready yet.
I also feel that simplification ought to be high on the agenda. Building
HLFS is very intimidating as it stands. So much emphasis is on having
it compile, I wonder about performance. Someone like me feels "Maybe in
a few months it will be sorted," and I go away and come back again.
If you do go to 1.0, explain the hacks and strategy choices very
completely, e.g. a page on PaX/grsecurity compared with SELinux.
Ownership/group strategy, perhaps Umask 027 system wide & optimising
Declan Moriarty <junk_mail at iol.ie>
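
The two suggestions in the message above (pointing $TMPDIR at ~/tmp and scrubbing temp files from cron), sketched as an added example that is not part of the original post. The function names, the default path and the crontab line are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not code from the original post or from HLFS.
# setup_private_tmp and scrub_tmp are hypothetical helper names.

# Create a private (0700) temp directory and point TMPDIR at it.
setup_private_tmp() {
    dir=${1:-"$HOME/tmp"}
    # Refuse a symlink: it could redirect temp files somewhere shared.
    if [ -L "$dir" ]; then
        echo "refusing symlink: $dir" >&2
        return 1
    fi
    mkdir -p "$dir" || return 1
    chmod 700 "$dir" || return 1
    TMPDIR=$dir
    export TMPDIR
}

# Delete this user's regular files older than N days under a directory.
scrub_tmp() {
    dir=$1
    days=${2:-1}
    if [ ! -d "$dir" ] || [ -L "$dir" ]; then
        return 1
    fi
    # -type f never matches symlinks, so link targets outside the
    # directory are left alone; -xdev stays on one filesystem.
    find "$dir" -xdev -type f -user "$(id -u)" -mtime +"$days" -delete
    # Remove old, empty subdirectories, but never the top directory.
    find "$dir" -mindepth 1 -xdev -type d -empty -mtime +"$days" -delete
}

# Hypothetical crontab entry (the script path is an assumption):
# 0 3 * * * . "$HOME/bin/tmp-scrub.sh" && scrub_tmp "$HOME/tmp" 2
```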