[ On Saturday, September 23, 2000 at 14:52:07 (+1100), Julian Assange wrote: ]
> Subject: Re: PKG_TMPDIR @ /var/tmp
>
> We should have a /usr/pkg/tmp

Yes, that would be a very good idea, though perhaps it should be called
"installtmp" or something similar.  That's because if it's to be used by
pkg_add then you definitely don't want it to be world writable!

Furthermore I try to make sure that my world-writable directories are
mounted with "rw,nodev,noexec" in the options field on any production
machines.  Since pkg_add sometimes has to run INSTALL and REQUIRE
programs extracted from the package archive this tends to make use of
/tmp or /var/tmp for PKG_TMPDIR impossible.

I've been putting "export TMPDIR=/root/tmp" in all my ~root/.profile's
for a long time now in part for these very reasons....  but then I don't
have a separate, small, "/" filesystem on any of my production systems.

-- 
							Greg A. Woods

+1 416 218-0098      VE3TCP      <gwoods@acm.org>      <robohack!woods>
Planix, Inc. <woods@planix.com>; Secrets of the Weird <woods@weird.com>