>>>>> "Otto" == Otto Kekäläinen <o...@kekalainen.net> writes: Otto> Instead of manually trying to manage TMPDIR env variable in Otto> various places, we should have a standardized way to run Otto> maintainer scripts in clean shell sessions that have all env Otto> variables set automatically correctly.
I think trusting TMPDIR when running a maintainer script as root is fine.\ The sanitization should happen by sudo (or su or sshd) which is what gates you into root privilege. The issue with the mysql/mariadb scripts is that they are taking root's environment and applying it to the mysql user. So, those scripts need to do additional sanitization/trimming of the environment. But that comes up because those scripts are introducing a uid transition.