On Sun, 21.03.10 14:44, Jonathan Underwood (jonathan.underwood@xxxxxxxxx) wrote:

> > It's a shared namespace. As such it is a major source of
> > vulnerabilities, especially if the developers didn't have this
> > particular use in mind.
>
> To what extent would the security issues associated with files in /tmp
> be mitigated with polyinstantiated /tmp directories? Should Fedora
> move to that as a default?

The major security issues would certainly go away that way, but I don't
think that such a behavioural change would be a good idea. /tmp has
always been a shared namespace, and some apps might actually depend on
that to exchange files between users. The FHS assumes a single namespace
for the entire fs hierarchy and departing from that might create various
unexpected problems. Starting from admins who don't expect a weirdness
like this, but also applications that break with behaviour like that.

To my knowledge the Debian folks experimented with this a couple of
years ago, and even wanted to make it the default (but didn't in the
end, afaics). Might be interesting to learn about the results of their
experimenting.

Instead of changing the semantics of /tmp which is already way too
established with all its brokenness and weird semantics, I'd rather like
to see a new dir added /var/run/users/$USER/ that does not suffer from
all the problems and introduces new, clean and well defined semantics.

Lennart

--
Lennart Poettering                        Red Hat, Inc.
lennart [at] poettering [dot] net
http://0pointer.net/lennart/           GnuPG 0x1A015CC4
--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
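
Added example (not part of the original message, and not the author's or Fedora's code): one way an application could validate a per-user directory such as the /var/run/users/$USER/ proposed above before trusting it, which a name in the shared /tmp namespace cannot offer. The ownership and 0700 mode checks, the function names and the constructed directory names are assumptions of this example; the message does not specify the directory's semantics.

```python
import os
import stat
import tempfile

def open_private_dir(path):
    """Create path if missing, then validate it; returns a directory fd."""
    try:
        os.mkdir(path, 0o700)
    except FileExistsError:
        pass  # may have been pre-created by anyone: validated below
    # O_NOFOLLOW rejects a symlink at this name; fstat() on the fd avoids
    # re-resolving the path between the check and later use.
    fd = os.open(path, os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW)
    st = os.fstat(fd)
    if st.st_uid != os.geteuid() or stat.S_IMODE(st.st_mode) & 0o077:
        os.close(fd)
        raise PermissionError(f"{path}: not owned by us or not private")
    return fd

def create_private_file(dir_fd, name, data):
    """Create name relative to the validated fd; never reuse an existing entry."""
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW
    with os.fdopen(os.open(name, flags, 0o600, dir_fd=dir_fd), "wb") as f:
        f.write(data)

def rejected(path):
    """True if open_private_dir() refuses the path."""
    try:
        os.close(open_private_dir(path))
        return False
    except OSError:
        return True

def demo():
    """Exercise the checks in a constructed stand-in for the parent directory."""
    with tempfile.TemporaryDirectory() as parent:
        mine = os.path.join(parent, "alice")       # constructed names
        dfd = open_private_dir(mine)
        create_private_file(dfd, "state", b"ok")
        try:
            create_private_file(dfd, "state", b"again")
            excl = False
        except FileExistsError:
            excl = True
        os.close(dfd)
        link = os.path.join(parent, "bob")
        os.symlink(mine, link)                     # symlink at expected name
        loose = os.path.join(parent, "carol")
        os.mkdir(loose)
        os.chmod(loose, 0o777)                     # world-accessible directory
        return {"excl": excl, "symlink": rejected(link), "loose": rejected(loose)}

if __name__ == "__main__":
    print(demo())
```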