>>>>> "Otto" == Otto Kekäläinen <o...@kekalainen.net> writes:
Otto> Instead of manually trying to manage TMPDIR env variable in
Otto> various places, we should have a standardized way to run
Otto> maintainer scripts in clean shell sessions that have all env
Otto> variables set automatically correctly.
I think trusting TMPDIR when running a maintainer script as root is
fine.\
The sanitization should happen by sudo (or su or sshd) which is what
gates you into root privilege.
The issue with the mysql/mariadb scripts is that they are taking root's
environment and applying it to the mysql user.
So, those scripts need to do additional sanitization/trimming of the
environment.
But that comes up because those scripts are introducing a uid
transition.
