
Re: Bug#1023778: TMPDIR behaviour in maintainer scripts [was: Re: Bug#1023778: mysql-server-8.0: fails to restart on upgrade with libpam-tmpdir]



On Thu, Nov 10, 2022 at 12:08:55PM +0100, Marco d'Itri wrote:
> > But are you in essence saying that libpam-tmpdir requires that *every
> > maintainer script* that runs things as non-root, or starts processes
> > that do that, unset TMPDIR first?
> This would not be right, because it is totally valid to set $TMPDIR for 
> the root user too.
> The real issue here is that TMPDIR, like some other variables, should 
> not be propagated when switching privileges from the user to root.
> 
> But here we have ANOTHER issue: whatever ends up initialising mysql does 
> not run as root, but still uses $TMPDIR provided by the root environment.
> Since there is no guarantee at all that $TMPDIR can be accessed (not 
> just be writeable!) by other users then in this case it is correct to 
> request that the package ignores $TMPDIR.

I think this statement is in violent agreement with the statement I made
above?

I agree that there is now no guarantee that $TMPDIR can be accessed,
because of what libpam-tmpdir is doing. However, if you were to ask an
expert from the nineties, that was a reasonable assumption. So what
changed, and where and how precisely is this change supposed to be
accommodated? Every relevant maintainer script? dpkg? Or somewhere else?

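An added example, not part of the original message or of any package discussed in the thread: one way a script could test whether the inherited $TMPDIR is usable by the uid/gid it is about to switch to, and drop it otherwise. The function names are hypothetical; it assumes GNU stat and looks only at the owner, group and mode bits of the directory itself (no ACLs, supplementary groups or parent directories).

```shell
#!/bin/sh
# Added example; helper names are hypothetical, not from dpkg or any package.

# tmpdir_usable_by UID GID DIR
# Return 0 if a process running as UID:GID could create files in DIR,
# judged from DIR's owner, group and permission bits only.
tmpdir_usable_by() {
    _uid=$1 _gid=$2 _dir=$3
    [ -d "$_dir" ] || return 1
    # uid 0 is not restricted by the mode bits
    if [ "$_uid" -eq 0 ]; then return 0; fi
    # GNU stat: owner uid, owner gid, octal mode (e.g. "700" or "1777")
    _info=$(stat -c '%u %g %a' "$_dir") || return 1
    set -- $_info
    _mode=$((0$3))          # leading 0 makes the shell read it as octal
    if [ "$_uid" -eq "$1" ]; then
        _bits=$(( ($_mode >> 6) & 7 ))   # owner class
    elif [ "$_gid" -eq "$2" ]; then
        _bits=$(( ($_mode >> 3) & 7 ))   # group class
    else
        _bits=$(( $_mode & 7 ))          # other class
    fi
    # creating a file needs both write (2) and search (1) on the directory
    [ $(( $_bits & 3 )) -eq 3 ]
}

# tmpdir_for_child UID GID
# Print the TMPDIR value the child may inherit, or nothing if the
# current one is unset or unusable for that uid/gid.
tmpdir_for_child() {
    if [ -n "${TMPDIR:-}" ] && tmpdir_usable_by "$1" "$2" "$TMPDIR"; then
        printf '%s\n' "$TMPDIR"
    fi
}

# Sketch of use before dropping privileges (SERVICEUSER is a placeholder):
#   t=$(tmpdir_for_child "$(id -u SERVICEUSER)" "$(id -g SERVICEUSER)")
#   if [ -z "$t" ]; then unset TMPDIR; fi
```

Run as root with a private, mode 0700 $TMPDIR, `tmpdir_for_child` prints nothing for an unprivileged uid, which is the case in which the child should not inherit the variable.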