oss-sec mailing list archives
Re: XDG_RUNTIME_DIR "misuse" as $TMPDIR (was: Re: [oss-security] budgie-extras: multiple predictable /tmp path issues in various applications)
From: Matthias Gerstner <mgerstner () suse de>
Date: Fri, 15 Dec 2023 12:34:24 +0100
Hi Steffen,

On Thu, Dec 14, 2023 at 11:15:02PM +0100, Steffen Nurpmeso wrote:
> All that makes me think whether XDG_RUNTIME_DIR is such a good target for temporary files, generally speaking.

in general I would also not recommend using it for temporary files. At least in this concrete case of the budgie-extras applications the files placed in there can be considered small enough for a desktop environment. I recommended using XDG_RUNTIME_DIR as a quick fix for these issues, but as I also tried to point out, I don't believe the way temporary files are used here is a good design. At least the immediate dangers for security should be addressed by these quick fixes applied, so sacrificing a bit of the cleanliness of the filesystem seems justified.

Cheers

Matthias
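An added example, not part of the message above and not budgie-extras code: a minimal Python sketch of the quick fix under discussion, writing a small state file under a validated XDG_RUNTIME_DIR rather than a predictable /tmp path. The application name `example-applet` and the helper names are hypothetical; the ownership and 0700 checks follow the XDG Base Directory specification.

```python
import os
import stat
import tempfile


def runtime_dir():
    """Return XDG_RUNTIME_DIR if it is set and safe to use, else None."""
    path = os.environ.get("XDG_RUNTIME_DIR")
    if not path or not os.path.isabs(path):
        return None
    try:
        st = os.lstat(path)  # lstat: a symlink here is rejected below
    except OSError:
        return None
    # The spec requires a directory owned by the user with mode 0700.
    if not stat.S_ISDIR(st.st_mode):
        return None
    if st.st_uid != os.getuid() or stat.S_IMODE(st.st_mode) != 0o700:
        return None
    return path


def open_state_file(name, app="example-applet"):
    """Open <private dir>/<name> for writing; return (file object, path)."""
    base = runtime_dir()
    if base is None:
        # Fallback: mkdtemp() creates an unpredictable directory, mode 0700.
        base = tempfile.mkdtemp(prefix=app + "-")
    else:
        base = os.path.join(base, app)
        os.makedirs(base, mode=0o700, exist_ok=True)
    path = os.path.join(base, name)
    # O_NOFOLLOW refuses a symlink planted at the final path component.
    flags = os.O_WRONLY | os.O_CREAT | os.O_TRUNC | os.O_NOFOLLOW | os.O_CLOEXEC
    fd = os.open(path, flags, 0o600)
    return os.fdopen(fd, "w"), path
```

Files placed this way count against the usually small, memory-backed runtime directory, so this suits only small state files.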
Current thread:
- budgie-extras: multiple predictable /tmp path issues in various applications Matthias Gerstner (Dec 14)
- XDG_RUNTIME_DIR "misuse" as $TMPDIR (was: Re: [oss-security] budgie-extras: multiple predictable /tmp path issues in various applications) Steffen Nurpmeso (Dec 15)
- Re: XDG_RUNTIME_DIR "misuse" as $TMPDIR (was: Re: [oss-security] budgie-extras: multiple predictable /tmp path issues in various applications) Matthias Gerstner (Dec 15)
- Re: budgie-extras: multiple predictable /tmp path issues in various applications Florian Weimer (Dec 17)