On Mon, Jul 03, 2006 at 08:48:21AM +0200, Tollef Fog Heen wrote:
> * Marc Haber
> | A workaround possible for Debian-exim could be
> | mkdir $TMPDIR/Debian-exim
> | chown Debian-exim $TMPDIR/Debian-exim
> | TMPDIR=$TMPDIR/Debian-exim start-stop-daemon --chuid Debian-exim some_job
> | which might also expose a file system which should only be writeable
> | for root for a non-root user.
> |
> | Piotr, would this be an acceptable workaround for you?
> |
> | libpam-tmpdir maintainer, is this an acceptable workaround from a
> | libpam-tmpdir point of view?
>
> Apart from the fact that you won't be able to access
> /tmp/user/0/Debian-exim due to /tmp/user/0 being mode 0700, it'll
> work.

One would have to chown 701 /tmp/user/0. Would that open a too big
security hole in your opinion?

> So no, this won't really work; if you do that, you either need to
> check if $TMPDIR/Debian-exim is accessible to Debian-exim or you need
> to make sure it is.

I'd like making sure it is.

> | dpkg-maintainer, is it possible to have start-stop-daemon do a pam
> | call in case of --chuid so that TMPDIR is set correctly?
>
> This would be the best solution, IMO.

I hope the dpkg guys agree.

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mail address in header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 72739835
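The accessibility check discussed in the message above, as an added example that is not part of the original thread: it walks the parent directories of a per-daemon temp directory and reports the first one that lacks the other-search bit. The function name `first_blocked_parent` and the temporary demo tree are constructed for illustration, and the check assumes the daemon user is neither owner nor group member of the parent directories.

```shell
#!/bin/sh
# first_blocked_parent BASE REL
# Checks every directory above the final component of BASE/REL for the
# other-search (o+x) bit. Prints the first directory lacking it and returns 1;
# returns 0 when all parents are searchable.
# Assumption: only the "other" permission class applies to the daemon user.
first_blocked_parent() {
    dir=$1
    # The final component is chowned to the daemon user, so skip it.
    rest=$(dirname "$2")
    while [ -n "$rest" ] && [ "$rest" != "." ]; do
        comp=${rest%%/*}
        case $rest in
            */*) rest=${rest#*/} ;;
            *)   rest= ;;
        esac
        [ -n "$comp" ] || continue
        dir=$dir/$comp
        # Character 10 of the ls mode string is the other-execute slot.
        bit=$(ls -ld "$dir" | cut -c10)
        case $bit in
            x|t) ;;                                  # searchable by "other"
            *)   printf '%s\n' "$dir"; return 1 ;;   # 0700 parent ends here
        esac
    done
    return 0
}

# Constructed demo tree standing in for /tmp/user/0/Debian-exim.
demo_root=$(mktemp -d)
mkdir -p "$demo_root/user/0/Debian-exim"
chmod 755 "$demo_root/user"
chmod 700 "$demo_root/user/0"
first_blocked_parent "$demo_root" user/0/Debian-exim || echo "blocked by the directory above"
chmod 701 "$demo_root/user/0"
first_blocked_parent "$demo_root" user/0/Debian-exim && echo "all parents searchable with mode 701"
rm -rf "$demo_root"
```

Mode 701 grants search without read, so other local users can reach entries in the directory whose names they know but cannot list its contents.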