Sat, 6 Mar 2021 at 20:53, Theo de Raadt <dera...@openbsd.org>:
>
> Vadim Zhukov <persg...@gmail.com> wrote:
>
> > > The backup dir can be configured to something else, but it needs to be
> > > writeable by the user who is logging in. It could be a subdir of /tmp (if
> > > the rc.d script takes care of creating it) or I can remove that
> > > feature from xenodm and fail the login if /home is not writeable.
> >
> > I've sent a diff for subdir of /tmp already. ;-)
>
> Sure, but the creation of a directory introduces new concerns.
>
> Why must non-readable $HOME work, and is the trade-off for placing
> "keys" in /tmp worthwhile.
>
> It made sense to someone 30 years ago. Does it make sense now?

Please correct me if I'm wrong: you said "non-readable $HOME" a few times during the discussion, did you mean "read-only $HOME" instead?

--
WBR,
Vadim Zhukov