On Thu, Apr 26, 2007 at 02:26:49PM -0700, John Plocher wrote:
> > ...making things easier for users...
> 
> Why should the user care about this?  By definition, things in TMPDIR
> are ephemeral and don't usually get noticed by users - unless the
> system is h0rked and there is no space left there.
> 
> Since most users don't touch TMPDIR today, and in a well functioning
> system the existing default should "just work", I'm not sure what the
> problem really is...

I think you could argue that private TMPDIRs are more secure -- no
chance of following a malicious symlink placed in a 1777 tmpdir if your
tmpdir isn't 1777.  But otherwise it doesn't seem friendlier than
TMPDIR=/tmp.  One problem: TMPDIR should probably be mkdtemp'ed, else
there's a DoS (nico% mkdir /tmp/plocher; chmod 700 /tmp/plocher; echo
muahahaha), but if mkdtemped then how to make sure that multiple login
sessions for the same user share the same TMPDIR?  (Search for one?)

Nico
-- 


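Added example, not code from this thread or from the project it discusses: one way a login step could handle the trade-off raised above, trying a predictable per-user directory so sessions can share it, and falling back to mkdtemp() when that name has been squatted. The helper names `private_tmpdir` and `is_private_dir` and the `uid<N>` naming scheme are hypothetical.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* 1 if path is a real directory (lstat: a symlink fails), owned by uid,
 * with no group/other permission bits; 0 otherwise. */
static int is_private_dir(const char *path, uid_t uid)
{
    struct stat st;
    if (lstat(path, &st) != 0) return 0;
    return S_ISDIR(st.st_mode) && st.st_uid == uid &&
           (st.st_mode & (S_IRWXG | S_IRWXO)) == 0;
}

/* Hypothetical helper: choose a private TMPDIR under base (e.g. "/tmp").
 * Returns 0 when the shared base/name directory is used, 1 when that
 * name was squatted and a fresh mkdtemp() directory was made, -1 on error. */
int private_tmpdir(const char *base, const char *name, char *out, size_t n)
{
    if (strchr(name, '/') != NULL)
        return -1;                       /* name must be one path component */
    if (snprintf(out, n, "%s/%s", base, name) >= (int)n)
        return -1;
    /* mkdir() never follows a symlink at the final component: anything
     * already there, link or not, gives EEXIST. */
    if (mkdir(out, 0700) == 0)
        return 0;                        /* first session: we created it */
    if (errno == EEXIST && is_private_dir(out, geteuid()))
        return 0;                        /* later session: reuse our own dir */
    /* Squatted or unsafe: fall back to an unpredictable name. This session
     * works, but it no longer shares a TMPDIR with the user's other sessions. */
    if (snprintf(out, n, "%s/%s.XXXXXX", base, name) >= (int)n)
        return -1;
    return mkdtemp(out) != NULL ? 1 : -1;
}

int main(void)
{
    char dir[4096], name[32];
    snprintf(name, sizeof name, "uid%lu", (unsigned long)geteuid());
    int r = private_tmpdir("/tmp", name, dir, sizeof dir);
    if (r < 0) { perror("private_tmpdir"); return 1; }
    printf("TMPDIR=%s (%s)\n", dir, r ? "fresh mkdtemp fallback" : "shared");
    return 0;
}
```

A return value of 1 is worth logging: it means something other than the user's own 0700 directory was sitting at the predictable name.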