On Wednesday 13 August 2008 at 16:19 +0200, Julien Cristau wrote:
> On Wed, Aug 13, 2008 at 23:24:47 +1000, Sven Dowideit wrote:
> 
> > so Dmitry,
> > 
> > if you were trying to actually help get this fixed, I presume you would
> > have suggested that I just patch the code to
> > 
> > rm /tmp/twiki
> > and then create it?
> > 
> > or what are you actually suggesting?
> > 
> No.  Don't touch/use predictable file names in /tmp.
> 

Which leads us again to something like /var/run/twiki/session/
or /var/lib/twiki/tmp/session/ or some other custom path, with some
garbage collection (cronjob ?) and all the fuss ?

Maybe there are best practices for using CGI::Session somewhere?

... not to mention other uses of the other files created in /tmp/twiki
at the moment... but the most critical seems to be the dir creation in
the postinst.

Or maybe simply not create a separate dir for session files and use
plain clear /tmp for CGI::Session files ? Unless that leads to potential
information leaks ?

Follow-up to :
http://lists.debian.org/debian-devel/2008/08/msg00340.html ?

My 2 cents,
-- 
Olivier BERGER <[EMAIL PROTECTED]>
http://www-public.it-sudparis.eu/~berger_o/ - OpenPGP-Id: 1024D/6B829EEC
Research Engineer - Dept INF
Institut TELECOM, SudParis (http://www.it-sudparis.eu/), Evry (France)
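
One way to implement the dedicated session directory with periodic cleanup that the message above considers, as an added example that is not part of the original thread or of the twiki package. The function names are hypothetical, and the directory path is an argument supplied by the caller (a postinst or cron job, for instance).

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from the twiki package.
# Intended for a directory whose parent is not world-writable (such as the
# /var/lib/... or /var/run/... paths suggested in the thread), not /tmp.

# True only for a real directory (not a symlink) that the caller owns and
# that gives no permission bits at all to group or other.
session_dir_ok() {
    [ ! -L "$1" ] && [ -d "$1" ] && [ -O "$1" ] || return 1
    # Characters 5-10 of the ls mode string are the group and other bits.
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# Create the session directory with mode 0700, or accept an existing one
# only if it passes session_dir_ok.
setup_session_dir() {
    # mkdir without -p is atomic: it fails if anything, including a symlink
    # created by another user, already exists under that name.
    mkdir -m 700 -- "$1" 2>/dev/null && return 0
    session_dir_ok "$1"
}

# Garbage collection for a cron job: remove regular files not modified for
# more than $2 days. find does not follow symlinks by default, and -xdev
# keeps it on one filesystem.
gc_sessions() {
    session_dir_ok "$1" || return 1
    find "$1" -xdev -type f -mtime "+$2" -exec rm -f -- {} +
}

# Usage (paths and ages chosen by the packager):
#   setup_session_dir "$SESSION_DIR" || exit 1
#   gc_sessions "$SESSION_DIR" 1
```
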
