Please let the user decide if using a /tmp noexec mount point is more secure or not.
I think it is, for many reasons, and I'm a security analyst. Of course it can bring a false sense of security, like everything else, but do we give up firewalls, IDS and even passwords for the same reason? No security system is flawless -- but more security systems can increase the security anyway.
We could discuss that for weeks, but I think that debconf should at least read the TEMP or TEMPDIR environment variable and always use that directory for temporary files, no matter the reason.
If there already is a way to make debconf use another directory instead of /tmp, please let me know and close this bug report accordingly.
Please let the user decide if using a /tmp noexec mount point is more secure or not.
I think it is, for many reasons, and I'm a security analyst. Of course it can bring a false sense of security, like everything else, but do we give up firewalls, IDS and even passwords for the same reason? No security system is flawless -- but more security systems can increase the security anyway.
We could discuss that for weeks, but I think that debconf should at least read the TEMP or TEMPDIR environment variable and always use that directory for temporary files, no matter the reason.
If there already is a way to make debconf use another directory instead of /tmp, please let me know and close this bug report accordingly.