enhance security via private TMP/TMPDIR by default
Matthew Miller
mattdm at mattdm.org
Thu May 12 15:55:04 UTC 2005
Just a thought:
/etc/profile.d/tmpdir.sh:
# For privacy and security, set temporary directories to ~/tmp on local
# filesystems -- but for network filesystems, make up one in /tmp.
# The trap statement cleans up the temporary directory if it's empty on exit.
if [ -z "$TMP" ]; then
if [ $EUID -ne 0 ] && [ -d $HOME/tmp ] &&
[ $( df --local $HOME | wc -l ) -gt 1 ]; then
TMP=$HOME/tmp
else
TMP=$( mktemp -d /tmp/${HOSTNAME}.tmp.XXXXXXXX ) || exit 1
trap "rmdir --ignore-fail-on-non-empty $TMP" EXIT
fi
fi
if [ -z "$TMPDIR" ]; then
TMPDIR=$TMP
fi
--
Matthew Miller mattdm at mattdm.org <http://www.mattdm.org/>
Boston University Linux ------> <http://linux.bu.edu/>
Current office temperature: 82 degrees Fahrenheit.
More information about the fedora-devel-list
mailing list