Re: Conditionally destination for package
Re: Conditionally destination for package
- Subject: Re: Conditionally destination for package
- From: Matthias Schroeder <email@hidden>
- Date: Fri, 21 Mar 2014 11:35:15 +0100
Hi Bill,
On 03/19/2014 07:27 PM, Bill Coderre wrote:
In these days of security risks, let me point out that Installer
provides an environment variable called INSTALLER_TEMP which points
to a secure folder that is created by Installer at the very start of
installation, and deleted at the very end.
Please use it instead of /tmp whenever possible!
Thanks a lot for pointing this out! I was already wondering how I could
create such a folder and pass the info about it to the various parts of
the package. Are there already any files or directories inside
INSTALLER_TEMP used by the installer itself, so that my scripts should
avoid touching them? The "Software Delivery Legacy Guide" is not very
detailed in that respect.
Why? Let’s suppose that I am a 14 year old who knows that my school
is going to install a certain package, and that package writes to
/tmp/cookie. So I create a symbolic link from that to, say, a web
filtering program. Now when the install happens, the web filter gets
deleted. YAY.
And that is probably one of the less dangerous abuses (except for the
legal department).
Matthias
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Installer-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden