commit 8296e4b8b597ccd3f197c9fa489003d97951b6e9
Author: Colin Guthrie <colin@...>
Date:   Tue Apr 28 09:44:24 2015 +0100

    Check correct msec config file for SECURE_TMP config.
    
    Note: I think this is bogus. It doesn't deal properly with homedirs
    on NFS with SECURE_TMP set as many programs require filesystem
    behaviour that NFS cannot honour. If anything, the tmp folder
    should be mounted as tmpfs.
    
    Ultimately however this is what XDG_RUNTIME_DIR is meant to
    do and programs should generally move away from it.
    
    I'd suggest even that TMP and TMPDIR point to /run/user/603/tmp
    if you want a really secure TMPDIR system.
    
    Or at least something along those lines.
    
    mga#14778
---
 Commit Link:
   http://gitweb.mageia.org/software/forks/initscripts/commit/?id=8296e4b8b597ccd3f197c9fa489003d97951b6e9

(In reply to Mageia Robot from comment #1)
> commit 8296e4b8b597ccd3f197c9fa489003d97951b6e9
> Author: Colin Guthrie <colin@...>
> Date:   Tue Apr 28 09:44:24 2015 +0100
> 
>     Check correct msec config file for SECURE_TMP config.
>     
>     Note: I think this is bogus. 

I am going to assume the "this is bogus" applies to the actual temp security and not the bug report.


>  It doesn't deal properly with homedirs
>     on NFS with SECURE_TMP set as many programs require filesystem
>     behaviour that NFS cannot honour. If anything, the tmp folder
>     should be mounted as tmpfs.

Yuck, I hate to see ram wasted on files in ~/tmp

>     Ultimately however this is what XDG_RUNTIME_DIR is meant to
>     do and programs should generally move away from it.
>     
>     I'd suggest even that TMP and TMPDIR point to /run/user/603/tmp
>     if you want a really secure TMPDIR system.

There are a couple of problems with that. 
I think tmp secure is chmod 700 ~/tmp is good enough to meet original requirements. Personally I think secure should be chmod 700 /home/$USER

1. No clue about GNOME but KDE start up time would noticeably increase if it can not find the directories/files found in KDEVARTMP or KDETMP location.
Current out-of-the-box default location is /var/tmp.

2. That /run/user/nnnn is causing directory/file not found noise in the journal for my user cron jobs or for all my sudo su - $USER interactive stuff. My solution is a hourly root job to create the /run/user stuff before the users cron job runs.

current kludge to suppress noise snippet:
        XDG_RUNTIME_DIR=/run/user/$_uid
        for _d in dbus dconf gvfs ksocket-$-id pulse systemd ; do
          mkdir -p $XDG_RUNTIME_DIR/$_d
          chmod 700 $XDG_RUNTIME_DIR/$_d
        done
        touch $XDG_RUNTIME_DIR/systemd/notify
        chmod 700 $XDG_RUNTIME_DIR
        chown -R $_uid:$_gid $XDG_RUNTIME_DIR

In the end, is the bug fixed or not? (Note to Bit Twister: you were answering to a commit message, not to a comment)

(In reply to Samuel VERSCHELDE from comment #3)
> In the end, is the bug fixed or not? 

I do not know for sure because I patched my install before I opened a bug.

I ran through my open bugs and resolved all that I could prove were fixed.

Since I always do clean installs, I plan on testing my 48 open bugs again when the next Mageia-5-x86_64-DVD.iso comes out.

I'll leave it up to you to decide to remove the NEEDINFO or not.

(In reply to Samuel VERSCHELDE from comment #3)
> In the end, is the bug fixed or not? 

The code has not been changed
from   /etc/sysconfig/shell
to     /etc/security/shell

The bug is still valid on Release 5.

Keywords: NEEDINFO => (none)

 Problem no longer occurs.

Status: NEW => RESOLVED
Resolution: (none) => FIXED