RFC: Move default module cache path from /tmp

Hello,

I’d like to request that we move the default module cache that is currently created in /tmp to somewhere that isn’t a shared writable directory (with all of the associated security risks).

The traditional Unix solution for caches (web browser, ccache, etc) is to have a directory in $HOME.

I’d like to suggest moving the clang module cache there.

Dave

nnelson@x570:~$ mktemp -d
/tmp/tmp.lOPA8997cg
nnelson@x570:~$ ls -ld /tmp/tmp.lOPA8997cg
drwx------ 2 nnelson nnelson 40 Jun 21 11:27 /tmp/tmp.lOPA8997cg

This shows that mktemp creates a directory under /tmp with only the user’s access permissions.

/tmp currently defaults to disk when Ubuntu is installed. There may be cases where some distributions mount /tmp in memory. I have changed fstab here to mount /tmp in memory.

Neil Nelson

Hello,

I'd like to request that we move the default module cache that is currently created in /tmp to somewhere that isn't a shared writable directory (with all of the associated security risks).

This hasn't really been an issue for a long time on modern *NIX systems. /tmp usually has the sticky bit set, which allows any user to create a file or directory owned by them and with permissions that are not world readable,(and mkdirtemp does that automatically).

The traditional Unix solution for caches (web browser, ccache, etc) is to have a directory in $HOME.

There are three places where caches live on *NIX (ignoring XNU systems, which add a few more):

  - /tmp, for caches that are safe to discard across reboots
  - /var/cache, for things that are shared and are expected to persist across reboots
  - ~/.cache (if $XDG_CACHE_HOME is unsed), for things that are pre-user and are persistent.

I'd like to suggest moving the clang module cache there.

If the cache is per-user (for security, I believe it has to be, unless there is a trusted clang daemon running somewhere to maintain system-wide ones) and should be preserved across reboots, I agree. We should put them somewhere like $XDG_CACHE_HOME/clang.

That said, on a lot of systems, $HOME is a lot slower than a build disk and so it would be nice to have an environment variable to override this configuration.

David