Actually we need to have a predictable tmpfile location (for the caching feature).
The real issue is that it shouldn't be in /tmp as kjetilho said : < kjetilho> doesn't help if the attacker can do mkdir /tmp/subdir; chmod 777 /tmp/subdir after a reboot So, let's go for some directories created at install time in /var/lib/munin. - /var/lib/munin/cgi-tmp/munin-cgi-graph/ for the files generated by munin-cgi-graph - /var/lib/munin/cgi-tmp/munin-cgi-html/ for the files generated by munin-cgi-html (none yet) The /var/lib/munin/cgi-tmp/ directory is to be created owned by the CGI user (in order for it to whatever it needs). -- Steve Schnepp http://blog.pwkf.org/ -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
