Comment 13 for bug 90085

Martino Dell'Ambrogio (tillo) wrote:

Please let the user decide if using a /tmp noexec mount point is more secure or not.
I think it is, for many reasons, and I'm a security analyst. Of course it can bring a false sense of security, like everything else, but do we give up firewalls, IDS and even passwords for the same reason? No security system is flawless -- but more security systems can increase the security anyway.

We could discuss that for weeks, but I think that debconf should at least read the TEMP or TEMPDIR environment variable and always use that directory for temporary files, no matter the reason.

If there already is a way to make debconf use another directory instead of /tmp, please let me know and close this bug report accordingly.