On Tue, 07 May 2024 at 07:34:54 -0500, r...@neoquasar.org wrote: > possibly convince those applications to use their own > scratch space such as /tmp/<package>/ that is more easily identifiable
This would be a denial of service at best, and a privilege escalation vulnerability at worst. To be safe, it would have to be more like /tmp/<package>.XXXXXX where the XXXXXX is replaced by a random string by mkstemp() or similar. (For example my system currently has /var/tmp/flatpak-cache-5X58M2/ which is fine, but using /var/tmp/flatpak-cache/ would be wrong.) smcv