On Friday 03 January 2003 23:42, Kevin N. Carpenter wrote:
> I've been playing around with using tmpfs for /tmp and had it mounted
> with my standard "noexec,nodev,nosuid" anti-hack security options. This
> works fine for VI or other normal tools.
>
> I wanted Portage to use it as well, so symbolically linked /var/tmp to
> /tmp.
>
> That broke emerge. The "noexec" option prevents any builds from
> working. That made me check one of my unmodified Gentoo systems where I
> spotted that /var/tmp was world read/execute. That's a security problem.
>
> Any reason that /var/tmp can't be root read/execute only?
>
> Kevin C.
>

It's a standard temporary directory so yes. It should be open for the
public. This doesn't hold for /var/tmp/portage though. You also might want
to use an extra tmpfs or a bind mount or a change in make.conf as emerge has
some issues with symlinked paths.

Paul

--
Paul de Vrieze
Junior Researcher
Mail: pauldv@cs.kun.nl
Homepage: http://www.devrieze.net
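
The failure discussed in this thread (a build directory that ends up on a "noexec" mount) can be checked from the mount table. The script below is an added example, not code from either poster or from Portage; the function names are hypothetical and the sample mount table is constructed, showing a separate tmpfs for /var/tmp/portage as suggested in the reply.

```shell
#!/bin/sh
# Constructed sample in /proc/mounts format (not taken from the thread).
SAMPLE_MOUNTS='/dev/hda3 / ext3 rw 0 0
tmpfs /tmp tmpfs rw,noexec,nodev,nosuid 0 0
tmpfs /var/tmp/portage tmpfs rw,nodev,nosuid 0 0'

# mount_opts TABLE PATH: print the options of the mount that holds PATH
# (longest mount point that is a prefix of PATH on a component boundary).
mount_opts() {
    printf '%s\n' "$1" | awk -v p="$2" '
        {
            mp = $2
            hit = (mp == "/") || (p == mp) || (index(p, mp "/") == 1)
            if (hit && length(mp) > best) { best = length(mp); opts = $4 }
        }
        END { print opts }'
}

# has_opt OPTS NAME: succeed if NAME is one of the comma-separated OPTS.
has_opt() {
    case ",$1," in *",$2,"*) return 0 ;; *) return 1 ;; esac
}

# build_dir_ok TABLE DIR: succeed if DIR allows execution (so builds can
# run) and still carries nodev and nosuid.
build_dir_ok() {
    o=$(mount_opts "$1" "$2")
    has_opt "$o" noexec && return 1
    has_opt "$o" nodev && has_opt "$o" nosuid
}

# check_live DIR: same check against the running system. Symlinks are
# resolved first, because a /var/tmp -> /tmp link inherits /tmp's noexec.
check_live() {
    real=$(cd "$1" 2>/dev/null && pwd -P) || return 2
    build_dir_ok "$(cat /proc/mounts)" "$real"
}

# Demo on the constructed table.
build_dir_ok "$SAMPLE_MOUNTS" /var/tmp/portage && echo "/var/tmp/portage: builds can run"
```

On a real system, call check_live with the directory emerge builds in; a non-zero status means the directory is on a noexec mount or lacks nodev/nosuid.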