Pymux doesn't honor the $TMP or $TMPDIR variables

[kseistrup]

I use pam_tmpdir in order to have a more secure directory for storing temporary files on a per user basis. The description reads:

Many programs use $TMPDIR for storing temporary files. Not all of them are good at securing the permissions of those files. libpam-tmpdir sets $TMPDIR and $TMP for PAM sessions and sets the permissions quite tight. This helps system security by having an extra layer of security, making such symlink attacks and other /tmp based attacks harder or impossible.

Pymux creates its socket in /tmp, thus ignoring the TMP and TMPDIR variables.

In addition, pymux seems to give this socket permissions 0755. Perhaps it would be more prudent to restrict it to e.g. 0750 (umask 0027)?

[kseistrup]

The solution is probably as easy as using the tempfile.gettempdir() method.

[jonathanslenders]

Thanks for noticing! This is important.

[jonathanslenders]

Fixed by: https://github.com/jonathanslenders/pymux/commit/0e1b1642e758409068b1b0ef52b422a2f0222215