Bug#725434: Problems with gbp when $TMP != /tmp
Jakub Wilk
jwilk at debian.org
Tue Oct 20 17:49:02 UTC 2015
* Mattia Rizzolo <mattia at mapreri.org>, 2015-10-20, 16:18:
>>[ -n "$TMP" -a ! -d "$TMP" ] && mkdir -p "$TMP" || true
>>[ -n "$TMPDIR" -a ! -d "$TMPDIR" ] && mkdir -p "$TMPDIR" || true
POSIX says that one should use $TMPDIR as a directory for temporary
files. I you know software that uses $TMP, $TEMP, $TEMPDIR or something
else for this purpose, please file bugs. :)
>umh, something tells me this is not enough: hooks are run as root,
>while the build is not, so the build user would not be able to write
>there. Currently the build username or user ID is not exported to the
>hooks, so the better you can do is to chmod 777 TMPDIR and TMP
>(programs using /tmp should be able to use that securely anyway...)
ITYM 1777. Without sticky bit set, other users could remove your
temporary files or directories and replace them with their own, which
would not end well.
--
Jakub Wilk
More information about the Pbuilder-maint
mailing list