On Wed, 2007-09-26 at 00:10 -0400, Robert Connolly wrote:
> Hello. There's another topic I don't think I've gotten around to properly.
> Each package can have different ways of dealing with temporary files... some
> write to /tmp, some to /var/tmp, some to $HOME/tmp, some to $TMPDIR, some to
> the current directory, and I'm not sure what else.

> Either way, I'd like to hear feedback about this issue. I feel it's an audit
> issue... a bug.

I think you correctly made a split between recoverable and non-recoverable files. Ghostscript and Acroread (if anyone uses that) both leave temporary files in /tmp regardless and they could be considered a security risk, as /tmp is 0666 at least.

That said, let's get real: Expecting support from GNU is like expecting them to write a decent libc. Pointing $TMPDIR & /var/tmp --> ~/tmp might help you. If you are negotiating multi-million dollar contracts using a server online 24/7 as your word processor this is a real issue. But tying yourself in knots has to be worth it. A cron call of a script suggests itself to simply scrub temp files periodically.

As to nobody else, I can say: "YOUR distro - your rules" to you, but something like changing the name of the user with UID 0 might be a better endeavour?

su
su: user root does not exist

:-o.

As for HLFS-1.0, go for it. Don't become a hint. Never mind automating this. Critical toolchain software is becoming less stable IMHO. Nevertheless, stable versions of a 2.6 kernel, and comparatively stable toolchain options exist without going as far back as 2.4 kernels. If you have to go back there, IMHO it isn't ready yet.

I also feel that simplification ought to be high on the agenda. Building HLFS is very intimidating as it stands. So much emphasis is on having it compile, I wonder about performance. Someone like me feels "Maybe in a few months it will be sorted," and I go away and come back again.

If you do go to 1.0, explain the hacks and strategy choices very completely, e.g. a page on PaX/grsecurity compared with SELinux. Ownership/group strategy, perhaps umask 027 system wide & optimising uid/gid choices.

--
Declan Moriarty <[EMAIL PROTECTED]>
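The periodic scrub suggested in the reply above, sketched as an added example that is not part of the original message. The function name `scrub_tmp`, the 7-day default retention and the reliance on a `find` that supports `-delete` (GNU or BSD) are assumptions.

```shell
#!/bin/sh
# Added example: scrub stale files from a per-user temp directory such as
# ~/tmp (where $TMPDIR would point under the scheme in the message).
# Usage: scrub_tmp DIR [DAYS]   -> prints the number of files removed.
scrub_tmp() {
    dir=$1
    days=${2:-7}                # assumed retention period, in days

    # Refuse a symlink or a non-directory: a link planted at this path
    # would otherwise redirect the deletion to another tree.
    if [ -L "$dir" ] || [ ! -d "$dir" ]; then
        echo "scrub_tmp: $dir is not a plain directory" >&2
        return 1
    fi
    case $days in
        ''|*[!0-9]*) echo "scrub_tmp: bad day count: $days" >&2; return 2 ;;
    esac

    # -xdev    stay on the filesystem DIR lives on
    # -type f  regular files only; find does not follow symlinks by
    #          default, so a link's target is never touched
    # -user    only files owned by the invoking user
    # -mtime   last modified more than DAYS days ago
    # -delete before -print, so only successful removals are counted
    removed=$(find "$dir" -xdev -type f -user "$(id -u)" \
                   -mtime +"$days" -delete -print | wc -l)
    echo "$((removed))"
}

# When run as a script with arguments (for example from a crontab entry),
# scrub the given directory.
if [ "$#" -gt 0 ]; then
    scrub_tmp "$@"
fi
```

Symlinks and other users' files are left in place on purpose, so a cron job running this as one user cannot be steered into deleting files elsewhere.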
