Hylton Conacher (ZR1HPC) wrote:
Whilst reading through the list email, I decided it would be a good idea to clear out my own /tmp directory.
Can I safely assume that as long as there is no one logged on, besides root to delete all the files in the /tmp directory, that I could safely use the command:
#> rm -fr /tmp/* ??
A "good" point of view: http://www.securityfocus.com/archive/1/304192/2002-12-18/2002-12-24/0 This message talks about vulnerabilities in a debian package (tmpwatch and tmpreaper also) and/or with mkstemp(). The package's author thinks differently; see a fragment: "IMO there are a couple of things wrong about the points in the text, which I could not resolve in discussion [...] For example, the text speaks of "creation time"; I responded that there is no such thing in POSIX, only the inode change time (which is also changed if you link the file, or rename it, or change the permissions, or even when you delete it). I never got an answer on that." The complete answer was not sent to bugtrack, but you can read it inside the package (108kb): http://ftp.debian.org/debian/pool/main/t/tmpreaper/tmpreaper_1.6.5.tar.gz the file is extracted as tmpreaper-1.6.5\debian\README.security -- Marcos Lazarini