On Fri, Apr 27, 2007 at 12:59:42AM +0200, Roland Mainz wrote:
> Nicolas Williams wrote:
>
> For users it appears to be friendlier (compared to having _all_ the files
> in one flat directory where you have to search for your files via $ ls
> -l | fgrep "myusername" # or worse).

Right, but I think that's marginal: I never type "cd $TMPDIR" -- like
everyone else I type "cd /tmp" and old habits die hard.

> > One problem: TMPDIR should probably be mkdtemp'ed, else
> > there's a DoS (nico% mkdir /tmp/plocher; chmod 700 /tmp/plocher; echo
> > muahahaha), but if mkdtemped then how to make sure that multiple login
> > sessions for the same user share the same TMPDIR? (Search for one?)
>
> The example code I've posted earlier (e.g.
> -- snip --
> # set TMPDIR to /tmp/${LOGNAME}/
> if [ "${LOGNAME}" != "" -a "${TMPDIR}" = "" ] ; then
>     utmpdir="/tmp/${LOGNAME}"
>
>     /usr/bin/mkdir -p -m 1777 "${utmpdir}"
>
>     # we have to use /usr/bin/test because /sbin/sh is a bourne shell
>     if /usr/bin/test -d "${utmpdir}" -a -O "${utmpdir}" ; then
>         TMPDIR="${utmpdir}"
>         export TMPDIR
>     fi
>
>     unset utmpdir
> fi
> -- snip --
> ) explicitly tests for such cases to make sure that no malicious user
> can cause trouble by "squatting" directories, e.g. TMPDIR will only be
> set if the directory is available and owned by the user defined by
> ${LOGNAME} (these conditions are usually "true" unless something goes
> wrong (which should be the exception)) ...

OK, so fallback on TMPDIR=/tmp/.
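
A stricter form of the ownership check discussed in this thread, as an added example that is not code from either poster: `pick_tmpdir` (a hypothetical helper name) creates the per-user directory with mode 0700 rather than the 1777 of the quoted script, rejects symlinks, non-directories and paths owned by someone else, and falls back to the base directory. It assumes a shell whose `[` supports `-O` (bash, ksh, dash) and a sticky-bit base directory such as /tmp.

```shell
#!/bin/sh
# Added example: choose a per-user TMPDIR under a shared base directory and
# fall back to the base itself when the per-user path cannot be trusted.
# pick_tmpdir is a hypothetical name; mode 0700 is this example's choice.
pick_tmpdir() {
    base=$1
    user=$2
    candidate="${base}/${user}"

    # Refuse empty names and names that could escape the base directory.
    case "$user" in
        ''|*/*|.|..) printf '%s\n' "$base"; return 0 ;;
    esac

    # mkdir without -p fails if anything (file, symlink, directory) already
    # occupies the path; that is fine, the checks below decide what to trust.
    mkdir -m 700 "$candidate" 2>/dev/null || true

    # Accept only a real directory (not a symlink) owned by the caller.
    # A squatted path (other owner, symlink, regular file) fails this test.
    if [ ! -L "$candidate" ] && [ -d "$candidate" ] && [ -O "$candidate" ]; then
        # A pre-existing directory of ours may have loose permissions.
        chmod 700 "$candidate" 2>/dev/null || { printf '%s\n' "$base"; return 0; }
        printf '%s\n' "$candidate"
    else
        printf '%s\n' "$base"
    fi
}

# Constructed demo: a scratch directory stands in for /tmp.
demo_base=$(mktemp -d)
ln -s /nonexistent "${demo_base}/bob"   # "bob" is squatted with a symlink
pick_tmpdir "$demo_base" alice          # prints <demo_base>/alice
pick_tmpdir "$demo_base" bob            # prints <demo_base> (fallback)
rm -rf "$demo_base"
```

Because the directory name is deterministic, every login session of the same user resolves to the same path, and a squatted name costs that user only the private directory, not the login.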