On Fri, Apr 13, 2012 at 06:10:24PM +0200, Steve Schnepp wrote:
> Actually we need to have a predictable tmpfile location (for the
> caching feature).

I did notice the caching feature even though I did not explicitly
mention it in my initial bug report.

> The real issue is that it shouldn't be in /tmp as kjetilho said:
> 
> < kjetilho> doesn't help if the attacker can do mkdir /tmp/subdir;
> chmod 777 /tmp/subdir after a reboot

I was about to write this, but it seemed too obvious to me. Use a
@reboot cronjob. ;-)

> So, let's go for some directories created at install time in /var/lib/munin.
> 
> - /var/lib/munin/cgi-tmp/munin-cgi-graph/ for the files generated by
> munin-cgi-graph
> - /var/lib/munin/cgi-tmp/munin-cgi-html/ for the files generated by
> munin-cgi-html (none yet)
> 
> The /var/lib/munin/cgi-tmp/ directory is to be created owned by the
> CGI user (in order for it to do whatever it needs).

So you already pointed out that we are talking about a cache, but still
use /var/lib. Why? I suggested /var/cache/munin/graph and still think
that it is a better place, because your backup solution does not need to
back up those graphs.

Helmut
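
The directory check implied by the thread, as an added example that is not part of the original message or of munin's code: before using a predictable cache directory, verify with lstat that it is a real directory, owned by the expected user and not writable by others. The function names and scratch paths are hypothetical, and the symlink and missing-directory cases go slightly beyond the `chmod 777` scenario quoted above.

```python
import os
import stat
import tempfile


def unsafe_reason(path, owner_uid):
    """Return why `path` must not be used as a cache directory, or None if acceptable."""
    try:
        st = os.lstat(path)  # lstat: do not follow a symlink planted at this name
    except FileNotFoundError:
        return "missing"
    if stat.S_ISLNK(st.st_mode):
        return "symlink"
    if not stat.S_ISDIR(st.st_mode):
        return "not a directory"
    if st.st_uid != owner_uid:
        return "wrong owner"
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        return "group/world writable"
    return None


def demo():
    """Build constructed scenarios in a scratch directory and classify each one."""
    me = os.geteuid()
    results = {}
    with tempfile.TemporaryDirectory() as root:
        # Directory created ahead of time with tight permissions (install-time case).
        good = os.path.join(root, "cgi-tmp")
        os.mkdir(good, 0o700)
        results["install-time 0700"] = unsafe_reason(good, me)
        # The scenario quoted in the thread: mkdir subdir; chmod 777 subdir.
        open_dir = os.path.join(root, "subdir")
        os.mkdir(open_dir)
        os.chmod(open_dir, 0o777)
        results["chmod 777"] = unsafe_reason(open_dir, me)
        # The predictable name is a symlink pointing somewhere else.
        link = os.path.join(root, "link")
        os.symlink(good, link)
        results["symlink"] = unsafe_reason(link, me)
        # The directory exists but belongs to a uid other than the expected one.
        results["foreign owner"] = unsafe_reason(good, me + 1)
        results["missing"] = unsafe_reason(os.path.join(root, "absent"), me)
    return results


if __name__ == "__main__":
    for name, reason in demo().items():
        print(f"{name:18} -> {reason or 'ok'}")
```

Rejecting a pre-created directory still leaves the cache unusable under that name, so a check like this complements, rather than replaces, a directory created at install time outside /tmp.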


