enhance security via private TMP/TMPDIR by default

Colin Walters walters at redhat.com
Thu May 12 16:03:28 UTC 2005


On Thu, 2005-05-12 at 11:55 -0400, Matthew Miller wrote:
> Just a thought:
> 
> 
> /etc/profile.d/tmpdir.sh:
> 
> # For privacy and security, set temporary directories to ~/tmp on local

There's actually been some work going on on giving each user their
own /tmp namespace via the kernel's CLONE_NEWNS capability and a PAM
module, AIUI.  To the system administrator this could appear
as /tmp/<username>.  I think the problem is in getting later mounts to
actually appear in the cloned namespace.





More information about the devel mailing list