Security Portal: Creating software packages for Linux - do's and don'ts. | Linux Today

Security Portal: Creating software packages for Linux – do’s and don’ts.

Written By
Web Webster
Web Webster
Mar 1, 2000

“Linux has been growing in popularity, and with that has come an
increase in third party software available for Linux.
Unfortunately it seems that Linux software vendors are intent
on making the same mistakes made by other third party software
vendors for UNIX.
If you have ever read security advisories
for UNIX software you have probably noticed that the same
problems occur over and over again.
This article will catalog
some of the most common problems, ways to detect them (so you can
then bug your software vendor), and solutions to them. Additionally
I will list some of the more advanced techniques for ensuring
continued system integrity in the event of a failure of a software
package.”

World writeable files and directories
This is a really really bad idea. There is no reason to create a
new world writeable directory, if your software requires temporary
scratch files please use the tmp directory (more notes on this
later), and if you simply need to store user preferences, files and
so on, store them in the user’s home directory.”

Temporary (tmp) files
Most programs need to create temporary files, and this can be done
perfectly safely if a little care and attention is taken. The first
thing a program should do is honor the “TMP_DIR” environment
variable. This allows users to create a ~/tmp_dir directory (or
similar) which can be much more protected than the world accessible
/tmp directory. Also if you must create temp files give them truly
random names.”

Complete
Story

Web Webster

Web Webster

Web Webster has more than 20 years of writing and editorial experience in the tech sector. He’s written and edited news, demand generation, user-focused, and thought leadership content for business software solutions, consumer tech, and Linux Today, he edits and writes for a portfolio of tech industry news and analysis websites including webopedia.com, and DatabaseJournal.com.

Linux Today Logo

LinuxToday is a trusted, contributor-driven news resource supporting all types of Linux users. Our thriving international community engages with us through social media and frequent content contributions aimed at solving problems ranging from personal computing to enterprise-level IT operations. LinuxToday serves as a home for a community that struggles to find comparable information elsewhere on the web.

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.