Document security concern for users setting the system_tmpdirs shell … #72213
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
…plugin config
system_tmpdirs is only meant for systems which officially store their
temporary files in someplace other than /tmp or /var/tmp. Those
types of directories should have been pre-created by the system
administrator (usually by the operating system's setup). There is a
security risk if the user puts a directory that has not been pre-created
into this list so be sure to document not to do that.
ISSUE TYPE
COMPONENT NAME
ADDITIONAL INFORMATION
/cc @jborean93 @samdoran for technical review
This should likely get backported as well as setting this to a directory which the sysadmin has not created will open the security issue in all supported versions.