On Mon, 23 Jan 2012 09:47:06 -0500, Daniel Kahn Gillmor <d...@fifthhorseman.net> wrote: > I'm pretty sure i disagree with this; we actually may want to pass > environment variables across the switch-user call, and (for example) the > admin might want to set TMPDIR to instruct monkeysphere-authentication > where to place its tempfiles; if we were to reset (or clear) TMPDIR (or > other variables) across the privilege-drop, those attempts would fail.
It occurs to me that we already have/use a tmp directory in the monkeysphere authentication directory (/var/lib/monkeysphere/authentication/tmp). Maybe we should just explicitly set TMPDIR for the monkeysphere user to be that? jamie.
pgpKWEAJJsNVV.pgp
Description: PGP signature