Derek Martin wrote in <[email protected]>: |On Sun, Jun 23, 2019 at 12:36:07PM +0200, Vincent Lefevre wrote: |> On 2019-06-23 14:44:36 +1000, Cameron Simpson wrote: |>> Were it a simple filename it would all be easy. Maybe a chdir(tmpdir) |>> before running the shell command with a simple filename? |> |> I'm not sure whether this is a good idea. The temporary directory |> may be (and often is) world-writable, and on multi-user machines, |> this increases the risk of vulnerability. For instance, some |> programs may consider configuration files in the current working |> directory, and/or may write/re-read files there. | |While I don't disagree with anything you said, FWIW: | |$ echo $TMPDIR |/home/dmartin/tmp |$ ls -ld $TMPDIR |drwx------ 9 dmartin users 4096 Jun 24 16:45 /home/dmartin/tmp/ | |Mutt honors $TMPDIR. You should set it. You should probably not use |/tmp, especially on a multi-user system, especially if you care about |security (privacy to be more precise, but that's part of security). |You should probably also not put it on NFS. For that matter, you |should probably not put anything sensitive on NFS, which likely |includes your mail (and there are other reasons to avoid that as |well). | |This (or something akin to it) used to be (at least in my circles) |somewhat common knowledge/practice, but it seems the young'ns don't |learn such things anymore. Sadly plenty of more recent POSIX-ish |software programs don't know or don't care about $TMPDIR or other such |historical features anymore.
Hmm, while i totally support the $TMPDIR environment variable, and personally dislike it a lot if i set it and someone simply does not adhere to it, and if its only for testing purposes.., it shall be remarked that OpenBSD "removed support for $TMPDIR" in the base system, as far as i know and recall. Are they young? Well, yes.. --steffen | |Der Kragenbaer, The moon bear, |der holt sich munter he cheerfully and one by one |einen nach dem anderen runter wa.ks himself off |(By Robert Gernhardt)
