[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

enhance security via private TMP/TMPDIR by default



Just a thought:


/etc/profile.d/tmpdir.sh:

# For privacy and security, set temporary directories to ~/tmp on local
# filesystems -- but for network filesystems, make up one in /tmp.
# The trap statement cleans up the temporary directory if it's empty on exit.

if [ -z "$TMP" ]; then
    if [ $EUID -ne 0 ] && [ -d $HOME/tmp ] && 
       [ $( df --local $HOME | wc -l ) -gt 1 ]; then
        TMP=$HOME/tmp
    else        
        TMP=$( mktemp -d /tmp/${HOSTNAME}.tmp.XXXXXXXX ) || exit 1
        trap "rmdir --ignore-fail-on-non-empty $TMP" EXIT
    fi
fi    

if [ -z "$TMPDIR" ]; then
    TMPDIR=$TMP
fi

-- 
Matthew Miller           mattdm mattdm org        <http://www.mattdm.org/>
Boston University Linux      ------>                <http://linux.bu.edu/>
Current office temperature: 82 degrees Fahrenheit.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]