* Marvin Renich [221115 12:57]:
> TEMPDIR, on the other hand, is for _specific_ cases, and can have
^ et al
Of course, that should be TMPDIR, not TEMPDIR. Apologies.
...Marvin
* Robie Basak [221113 14:15]:
> On Sun, Nov 13, 2022 at 05:46:00PM +0100, Marco d'Itri wrote:
> > On Nov 13, Robie Basak wrote:
> >
> > > This seems inconsistent to me. Where is the expectation that TMPDIR must
> > > be unset if dropping privileges coming from? Obviously for users of
> > Where
> "Otto" == Otto Kekäläinen writes:
Otto> Instead of manually trying to manage TMPDIR env variable in
Otto> various places, we should have a standardized way to run
Otto> maintainer scripts in clean shell sessions that have all env
Otto> variables set automatically correctly.
On Sun, Nov 13, 2022 at 05:46:00PM +0100, Marco d'Itri wrote:
> On Nov 13, Robie Basak wrote:
>
> > This seems inconsistent to me. Where is the expectation that TMPDIR must
> > be unset if dropping privileges coming from? Obviously for users of
> Where is the expectation that $TMPDIR is writable
On Nov 13, Robie Basak wrote:
> This seems inconsistent to me. Where is the expectation that TMPDIR must
> be unset if dropping privileges coming from? Obviously for users of
Where is the expectation that $TMPDIR is writable by any user but the
current one?
I do not believe that it is expected
On Sun, Nov 13, 2022 at 04:16:29PM +0100, Marco d'Itri wrote:
> And I think that it would be wrong to have dpkg generally unset $TMPDIR,
> because if root sets it then it would be reasonable to expect that also
> dpkg and the maintainer scripts use it (as long as they are not dropping
>
On Sun, Nov 13, 2022 at 02:58:47PM +, Simon McVittie wrote:
> If the maintainer script is *dropping* privileges from root down to a
> system user, then I think the maintainer script is/should be responsible
> for doing that privilege drop in a way that works...
Agreed, but amongst various
]] Sunil Mohan Adapa
> During today's FreedomBox meet, we have discussed that systemd'd
> PrivateTmp= is a better solution than libpam-tmpdir for FreedomBox at
> least as systemd makes a cleaner mount isolation between processes
> instead of managing directories and permissions.
>
> For this
]] Robie Basak
> On Thu, Nov 10, 2022 at 05:37:53PM +0100, Tollef Fog Heen wrote:
> > I think it's more wide than that: If you change UID, you need to
> > sanitise the environment. Your HOME is likely to be wrong. PATH might
> > very well be pointing at directories which are not appropriate
On Nov 13, Simon McVittie wrote:
> I think you can both be right. The symptom here is a maintainer script
> failing, but if I'm understanding Marco's argument correctly, he's
> saying that the root cause is that when you switch between execution
> environments, not all of the environment
On Sun, 13 Nov 2022 at 11:38:08 +, Robie Basak wrote:
> On Sun, Nov 13, 2022 at 02:21:58AM +0100, Marco d'Itri wrote:
> > On Nov 12, Otto Kekäläinen wrote:
> > > Instead of manually trying to manage TMPDIR env variable in various
> > > places, we should have a standardized way to run
On Sun, Nov 13, 2022 at 02:21:58AM +0100, Marco d'Itri wrote:
> On Nov 12, Otto Kekäläinen wrote:
>
> > Instead of manually trying to manage TMPDIR env variable in various
> > places, we should have a standardized way to run maintainer scripts in
> > clean shell sessions that have all env
On Thu, Nov 10, 2022 at 10:46:55PM +, brian m. carlson wrote:
> > I think it's more wide than that: If you change UID, you need to
> > sanitise the environment. Your HOME is likely to be wrong. PATH might
> > very well be pointing at directories which are not appropriate for the
> > user
On Thu, Nov 10, 2022 at 05:37:53PM +0100, Tollef Fog Heen wrote:
> I think it's more wide than that: If you change UID, you need to
> sanitise the environment. Your HOME is likely to be wrong. PATH might
> very well be pointing at directories which are not appropriate for the
> user you're
On Thu, Nov 10, 2022 at 12:08:55PM +0100, Marco d'Itri wrote:
> > But are you in essence saying that libpam-tmpdir requires that *every
> > maintainer script* that runs things as non-root, or starts processes
> > that do that, unset TMPDIR first?
> This would not be right, because it is totally
On Nov 12, Otto Kekäläinen wrote:
> Instead of manually trying to manage TMPDIR env variable in various
> places, we should have a standardized way to run maintainer scripts in
> clean shell sessions that have all env variables set automatically
> correctly.
This is not about maintainer scripts,
On 11/12/22 14:09, Daniel Black wrote:
So what Fedora does is a prep script called at StartPre on their
systemd service.
https://src.fedoraproject.org/rpms/mariadb/blob/rawhide/f/mariadb-prepare-db-dir.sh
Which even recently was seen as bloated
So what Fedora does is a prep script called at StartPre on their
systemd service.
https://src.fedoraproject.org/rpms/mariadb/blob/rawhide/f/mariadb-prepare-db-dir.sh
Which even recently was seen as bloated
(https://lists.launchpad.net/maria-discuss/msg06376.html).
What could be done is a oneshot
> > I think the answer to this should probably be established by the
> > libpam-tmpdir maintainer and documented first, for fear of someone else
> > later coming along and saying that the maintainer script incorrectly
> > ignores TMPDIR because we started ignoring it to resolve this bug. So I
> >
On 2022-11-10 at 16:37:53, Tollef Fog Heen wrote:
> ]] Robie Basak
>
> > But are you in essence saying that libpam-tmpdir requires that *every
> > maintainer script* that runs things as non-root, or starts processes
> > that do that, unset TMPDIR first?
>
> I think it's more wide than that: If
]] Robie Basak
> But are you in essence saying that libpam-tmpdir requires that *every
> maintainer script* that runs things as non-root, or starts processes
> that do that, unset TMPDIR first?
I think it's more wide than that: If you change UID, you need to
sanitise the environment. Your HOME
On Nov 10, Robie Basak wrote:
> Thank you for the report. Adding debian-devel@ and the libpam-tmpdir
> maintainer for wider discussion.
>
> On Thu, Nov 10, 2022 at 12:54:34AM +, brian m. carlson wrote:
> > On my systems, I use libpam-tmpdir, which provides each user with a
> > private
Thank you for the report. Adding debian-devel@ and the libpam-tmpdir
maintainer for wider discussion.
On Thu, Nov 10, 2022 at 12:54:34AM +, brian m. carlson wrote:
> On my systems, I use libpam-tmpdir, which provides each user with a
> private temporary directory owned and accessible only by
Package: mysql-server-8.0
Version: 8.0.30-1+b2
Severity: normal
On my systems, I use libpam-tmpdir, which provides each user with a
private temporary directory owned and accessible only by them under
/tmp/user/UID (e.g., /tmp/user/1000). PAM sets the TMPDIR variable to
this value upon creating a
24 matches
Mail list logo
