On Thu, Apr 16, 2015 at 9:25 AM, Matthew Miller wrote:
> On Thu, Apr 16, 2015 at 07:44:21AM -0500, Les Mikesell wrote:
>>> The issue here really isn't systemd or the PrivateTmp feature but the
>>> fact that some applications don't properly distinguish between temporary
>>> files and data files.
>> Maybe, but if an application wants a private directory for temporary
>> files, shouldn't it create and manage that directory itself instead of
>> being second-guessed by the default configuration of the OS?
> This one I have a clear answer for: no. It's the distribution's job to
> help regularize application practices, especially when they don't
> follow good practices for security.

Really? I would have expected that it was the distribution's job to
not surprise coders or administrators. Particularly for 'enterprise'
operating systems where the point is to keep the same application
working the same way, often for the life of a company.

> Ideally, we work with upstreams on
> this, but sometimes where it's just a matter of configuration, we
> choose to exercise options to make everything fit together.

I typically have many web 'applications' running on the same system
under the same apache instance, distinguished only by the top level
directory in the url. Even if it made sense to someone to surprise
these applications by remapping the filesystem for some reason, why
would it make sense for them to share what the system thinks it is
making private?

    Les Mikesell
      lesmikesell at gmail.com
