On Tue, Jun 25, 2019 at 09:11:22PM +0200, Vincent Lefevre wrote:
> On 2019-06-24 17:18:27 -0500, Derek Martin wrote:
> > Mutt honors $TMPDIR. You should set it. You should probably not use
> > /tmp, especially on a multi-user system, especially if you care about
> > security (privacy to be more precise, but that's part of security).
> > You should probably also not put it on NFS.
>
> On the multi-user machines I use, my home is under NFS. So, there
> isn't much choice. The other directories I can use are just like
> /tmp.

BUT... you still can do better than just using /tmp. You can create, say, /tmp/vincent, with 700 perms, which effectively solves most of the problem. Then set TMPDIR to that. :) In some cases it might get cleaned up, but you can just have your .profile (or whatever) recreate it when you log in... FWIW this is probably what I would do in that case.

You could still use your home directory too... most of the trouble is that you have to trust your sysadmins. But typically they already have access to your mail, so... ¯\_(ツ)_/¯

The other issue is if there are weaknesses in the system that allow privilege escalation, an attacker can get access to your files, which may be sensitive. NFS may (or may not) make that easier, because it can provide additional attack vectors. There's root squash of course, but if the user can get root they can also just setuid() to YOUR user, via whatever means.

The other reason to avoid using /tmp (or another world-writable directory) is avoiding things like symlink attacks, and similar classes of things.

It may also be possible, in uncommon cases, to mount a remote file system that you control (say from a laptop or USB stick or whatever) and use that. In most cases involving multi-user systems this probably won't be possible, but in some circumstances it might be an option.

-- 
Derek D. Martin http://www.pizzashack.org/
GPG Key ID: 0xDFBEAD02
-=-=-=-=-
This message is posted from an invalid address. Replying to it will result in undeliverable mail due to spam prevention. Sorry for the inconvenience.
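The setup suggested in the message above (a mode-700 directory under /tmp, recreated at login, with TMPDIR pointing at it), written out as an added example that is not part of the original message. The function name `private_tmpdir` and its arguments are hypothetical; the symlink and ownership checks are an assumption about what a careful `.profile` should verify when the path already exists in a world-writable directory.

```shell
# Added example: create (or re-validate) a private per-user temp directory.
# private_tmpdir BASE NAME -> prints BASE/NAME on success, non-zero status otherwise.
# The function name and arguments are illustrative, not from Mutt or the message.
private_tmpdir() {
    base=$1 name=$2
    dir="$base/$name"

    # mkdir is atomic and fails if anything (file, directory, symlink)
    # already exists at the path, so success means we created it ourselves.
    if mkdir -m 700 "$dir" 2>/dev/null; then
        printf '%s\n' "$dir"
        return 0
    fi

    # Something is already there. Refuse a symlink: it could point anywhere.
    if [ -L "$dir" ]; then
        echo "private_tmpdir: $dir is a symlink, refusing" >&2
        return 1
    fi
    # Refuse anything that is not a directory owned by the current user.
    if [ ! -d "$dir" ] || [ ! -O "$dir" ]; then
        echo "private_tmpdir: $dir is not a directory owned by you" >&2
        return 1
    fi

    # Owned by us: tighten the mode, then confirm it really is rwx------.
    chmod 700 "$dir" || return 1
    case $(ls -ld "$dir") in
        drwx------*) ;;
        *) echo "private_tmpdir: could not set mode 700 on $dir" >&2
           return 1 ;;
    esac
    printf '%s\n' "$dir"
}

# Usage in ~/.profile (re-creates the directory if /tmp was cleaned):
#   d=$(private_tmpdir /tmp "$(id -un)") && TMPDIR=$d && export TMPDIR
```

If the function fails, TMPDIR is left unset rather than pointed at a path someone else controls.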