On 2026-03-17 13:58:17, Michal Zalewski wrote: > Nice work... flashbacks from 2002 > (https://lcamtuf.coredump.cx/tmp_paper.txt). It's frankly somewhat > mind-boggling that distros keep a world-writable /tmp this day and > age. Whatever questionable benefits it has, it also contributed to > plenty of pointless and easily avoidable vulns.
It's required by POSIX which, funny enough, forbids /tmp from being used the way snap-confine is using it. I wouldn't expect either of these projects to care about POSIX, but the same description was copied & pasted into the FHS. And to its credit, systemd has a page full of documentation on how to avoid this exact problem. 1. https://pubs.opengroup.org/onlinepubs/9799919799/basedefs/V1_chap10.html 2. https://refspecs.linuxfoundation.org/FHS_3.0/fhs/ch03s18.html 3. https://systemd.io/TEMPORARY_DIRECTORIES/
