On Fri, Feb 26, 2021 at 04:13:56PM +0800, Paul Wise wrote:
> Looking at the code, the only possible use of /tmp in updatedb.plocate
> goes via mkstemp, which is secure even with PrivateTmp=false.

Currently, sure. But code has a habit of changing, and the point of
sandboxing is to be safer even against non-obvious bugs.

/* Steinar */
-- 
Homepage: https://www.sesse.net/