[Bug 2950] New: Store user runtime files in /run/user/ rather than in /tmp/

bugzilla-daemon at bugzilla.mindrot.org bugzilla-daemon at bugzilla.mindrot.org
Sat Jan 5 03:22:37 AEDT 2019


https://bugzilla.mindrot.org/show_bug.cgi?id=2950

            Bug ID: 2950
           Summary: Store user runtime files in /run/user/ rather than in
                    /tmp/
           Product: Portable OpenSSH
           Version: 7.9p1
          Hardware: Other
               URL: https://bugzilla.redhat.com/show_bug.cgi?id=1658642
                OS: Linux
            Status: NEW
          Keywords: patch
          Severity: enhancement
          Priority: P5
         Component: Miscellaneous
          Assignee: unassigned-bugs at mindrot.org
          Reporter: jjelen at redhat.com

Created attachment 3220
  --> https://bugzilla.mindrot.org/attachment.cgi?id=3220&action=edit
proposed patch

On utilized servers and desktops, it is not uncommon that the /tmp
directory gets full and ssh services cannot write any needed files
there. This affects the authentication information, local and forwarded
ssh-agent sockets, and forwarded Kerberos tickets.

This is solved for many applications [1], services and daemons already
by using the XDG_RUNTIME_DIR environment variable, which points to a
location under /run/user that is already private for a specific user.
The advantage is that this variable is available both from PAM after
authentication and in the user session.

The attached patch implements using this environment variable if
available and makes the above use cases more reliable (especially the
authentication information files). On systems not providing this
variable, there should be no overhead, and it falls back to the current
method.

[1]
https://specifications.freedesktop.org/basedir-spec/basedir-spec-latest.html

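The selection logic described in the report, as an added example that is not the attached patch and not OpenSSH code: prefer XDG_RUNTIME_DIR when it is set and actually private, otherwise fall back to /tmp. The helper names runtime_dir_ok and runtime_template are hypothetical, and the checks (absolute path, owned by the user, no group or other access) are assumptions taken from the basedir specification's requirements for this directory.

```c
#define _POSIX_C_SOURCE 200809L
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: 1 if dir is an absolute path to a directory owned
 * by uid with no group/other access (the spec requires mode 0700). */
static int runtime_dir_ok(const char *dir, uid_t uid)
{
    struct stat st;

    if (dir == NULL || dir[0] != '/')
        return 0;
    if (lstat(dir, &st) == -1 || !S_ISDIR(st.st_mode)) /* rejects symlinks */
        return 0;
    return st.st_uid == uid && (st.st_mode & (S_IRWXG | S_IRWXO)) == 0;
}

/* Hypothetical helper: build a mkdtemp() template for "name".
 * Returns 1 if XDG_RUNTIME_DIR was used, 0 on /tmp fallback, -1 on overflow. */
int runtime_template(char *buf, size_t len, const char *name, uid_t uid)
{
    const char *xdg = getenv("XDG_RUNTIME_DIR");
    int used = runtime_dir_ok(xdg, uid);
    int r = snprintf(buf, len, "%s/%s-XXXXXXXXXX", used ? xdg : "/tmp", name);

    return (r < 0 || (size_t)r >= len) ? -1 : used;
}

int main(void)
{
    char path[PATH_MAX];
    int used = runtime_template(path, sizeof(path), "ssh", getuid());

    if (used == -1 || mkdtemp(path) == NULL) { /* mkdtemp creates mode 0700 */
        fprintf(stderr, "cannot create runtime directory\n");
        return 1;
    }
    printf("%s (%s)\n", path, used ? "XDG_RUNTIME_DIR" : "/tmp fallback");
    rmdir(path);
    return 0;
}
```

Even under /tmp the directory is created with mkdtemp(), so the fallback path keeps an unpredictable name and mode 0700.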