Vadim Zhukov <persg...@gmail.com> wrote:

> Sat, 6 Mar 2021 at 20:53, Theo de Raadt <dera...@openbsd.org>:
> >
> > Vadim Zhukov <persg...@gmail.com> wrote:
> >
> > > > The backup dir can be configured to something else, but it needs to be
> > > > writeable by the user who is logging in. It could be a subdir of /tmp (if
> > > > the rc.d script takes care of creating it) or I can remove that
> > > > feature from xenodm and fail the login if /home is not writeable.
> > >
> > > I've sent a diff for subdir of /tmp already. ;-)
> >
> > Sure, but the creation of a directory introduces new concerns.
> >
> > Why must non-readable $HOME work, and is the trade-off for placing
> > "keys" in /tmp worthwhile?
> >
> > It made sense to someone 30 years ago. Does it make sense now?
>
> Please correct me if I'm wrong: you said "non-readable $HOME" a few
> times during discussion, did you mean "read-only $HOME" instead?

non-writeable.

I'll start working on diffs to many parts of OpenBSD, that if they
cannot write files, they just throw them in /tmp

/sarc

*WHY* does X do this. *WHY* do you think it is smart?

Justify it. And I mean justify it beyond "I've accidentally been
using this".