oss-sec mailing list archives
Re: budgie-extras: multiple predictable /tmp path issues in various applications
From: Florian Weimer <fweimer () redhat com>
Date: Sun, 17 Dec 2023 12:21:53 +0100
* Matthias Gerstner:
> As a quick fix for all of these issues I suggested to use `$XDG_RUNTIME_DIR` instead of /tmp. This directory is private to the logged-in user and cannot be manipulated by other users in the system.
Note that on some systems, the XDG_RUNTIME_DIR directory is unavailable after user UID switching (e.g., with sudo) because these systems follow the specification to the letter and provide an XDG_RUNTIME_DIR setting for the logged-in user instead of the current user. So while it looks like a good solution for most cases, it breaks a couple of use cases (or still needs fallback even on systems that nominally have XDG_RUNTIME_DIR support).

Thanks,
Florian
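The fallback this message mentions, sketched as an added example that is not part of the original post or of budgie-extras: use `$XDG_RUNTIME_DIR` only when it really belongs to the current effective UID, otherwise create an unpredictable private directory. The names `usable_runtime_dir`, `private_state_dir` and `example-app` are hypothetical.

```python
import os
import stat
import tempfile


def usable_runtime_dir(path, uid):
    """True only if path is a real directory owned by uid with mode 0700."""
    if not path or not os.path.isabs(path):
        return False
    try:
        st = os.lstat(path)  # lstat: a symlink is never accepted
    except OSError:
        return False
    return (stat.S_ISDIR(st.st_mode)
            and st.st_uid == uid
            and stat.S_IMODE(st.st_mode) == 0o700)


def private_state_dir(app_name, environ=None, uid=None):
    """Return (path, source) for app_name's state files.

    source is "xdg" when $XDG_RUNTIME_DIR passed the checks, else "fallback".
    """
    environ = os.environ if environ is None else environ
    uid = os.geteuid() if uid is None else uid
    base = environ.get("XDG_RUNTIME_DIR")
    # After a UID switch the variable may be unset or still name the
    # logged-in user's directory; the ownership check rejects both cases.
    if usable_runtime_dir(base, uid):
        path = os.path.join(base, app_name)
        try:
            os.mkdir(path, 0o700)
        except FileExistsError:
            pass  # validated below instead of being trusted
        if usable_runtime_dir(path, uid):
            return path, "xdg"
    # mkdtemp creates the directory atomically with mode 0700 and a random
    # suffix, so the name cannot be predicted or pre-created by another user.
    return tempfile.mkdtemp(prefix=app_name + "-"), "fallback"


if __name__ == "__main__":
    print(private_state_dir("example-app"))
```

The fallback path is random, so cooperating processes have to be handed the path rather than reconstructing it from a fixed name.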