enhance security via private TMP/TMPDIR by default

Matthew Miller mattdm at mattdm.org
Thu May 12 15:55:04 UTC 2005


Just a thought:


/etc/profile.d/tmpdir.sh:

# For privacy and security, set temporary directories to ~/tmp on local
# filesystems -- but for network filesystems, make up one in /tmp.
# The trap statement cleans up the temporary directory if it's empty on exit.

if [ -z "$TMP" ]; then
    if [ $EUID -ne 0 ] && [ -d $HOME/tmp ] && 
       [ $( df --local $HOME | wc -l ) -gt 1 ]; then
        TMP=$HOME/tmp
    else        
        TMP=$( mktemp -d /tmp/${HOSTNAME}.tmp.XXXXXXXX ) || exit 1
        trap "rmdir --ignore-fail-on-non-empty $TMP" EXIT
    fi
fi    

if [ -z "$TMPDIR" ]; then
    TMPDIR=$TMP
fi

-- 
Matthew Miller           mattdm at mattdm.org        <http://www.mattdm.org/>
Boston University Linux      ------>                <http://linux.bu.edu/>
Current office temperature: 82 degrees Fahrenheit.




More information about the fedora-devel-list mailing list