Gentoo Archives: gentoo-commits

From: Sam James <sam@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] data/gentoo-news:master commit in: 2021-07-07-systemd-tmpfiles/
Date: Fri, 09 Jul 2021 12:33:44
Message-Id: 1625833988.a93dbc1701de3b983c6f791391f7967d4b919b4a.sam@gentoo
1 commit: a93dbc1701de3b983c6f791391f7967d4b919b4a
2 Author: Sam James <sam <AT> gentoo <DOT> org>
3 AuthorDate: Fri Jul 9 12:33:08 2021 +0000
4 Commit: Sam James <sam <AT> gentoo <DOT> org>
5 CommitDate: Fri Jul 9 12:33:08 2021 +0000
6 URL: https://gitweb.gentoo.org/data/gentoo-news.git/commit/?id=a93dbc17
7
8 Revert "2021-07-07-systemd-tmpfiles: add news item"
9
10 This reverts commit 29519425838e9b67c6802e321ce52c76a65c2215.
11
12 Reverting for now to allow more time for review on the mailing list
13 and to fix title / date posted, after discussion on IRC.
14
15 Signed-off-by: Sam James <sam <AT> gentoo.org>
16
17 .../2021-07-07-systemd-tmpfiles.en.txt | 66 ----------------------
18 1 file changed, 66 deletions(-)
19
20 diff --git a/2021-07-07-systemd-tmpfiles/2021-07-07-systemd-tmpfiles.en.txt b/2021-07-07-systemd-tmpfiles/2021-07-07-systemd-tmpfiles.en.txt
21 deleted file mode 100644
22 index 159f95f..0000000
23 --- a/2021-07-07-systemd-tmpfiles/2021-07-07-systemd-tmpfiles.en.txt
24 +++ /dev/null
25 @@ -1,66 +0,0 @@
26 -Title: systemd-tmpfiles replaces opentmpfiles due to security issues
27 -Author: Georgy Yakovlev <gyakovlev@g.o>
28 -Author: Sam James <sam@g.o>
29 -Posted: 2021-07-07
30 -Revision: 1
31 -News-Item-Format: 2.0
32 -Display-If-Installed: sys-apps/opentmpfiles
33 -Display-If-Installed: sys-apps/systemd-tmpfiles
34 -
35 -A tmpfiles [0] implementation provides a generic mechanism to define
36 -the creation of regular files, directories, pipes, and device nodes,
37 -adjustments to their access mode, ownership, attributes, quota
38 -assignments, and contents, and finally their time-based removal.
39 -It is commonly used for volatile and temporary files and directories
40 -such as those located under /run/, /tmp/, /var/tmp/, the API file
41 -systems such as /sys/ or /proc/, as well as some other directories
42 -below /var/. [1]
43 -
44 -On 2021-07-06, the sys-apps/opentmpfiles package was masked due to a
45 -root privilege escalation vulnerability (CVE-2017-18925 [2],
46 -bug #751415 [3], issue 4 [4] upstream).
47 -
48 -The use of opentmpfiles is discouraged by its maintainer due to the
49 -unpatched vulnerability and other long-standing bugs [5].
50 -
51 -Users will start seeing their package manager trying to replace
52 -sys-apps/opentmpfiles with sys-apps/systemd-tmpfiles because it is
53 -another provider of virtual/tmpfiles.
54 -
55 -Despite the name, 'systemd-tmpfiles' does not depend on systemd, does
56 -not use dbus, and is just a drop-in replacement for opentmpfiles. It is
57 -a small binary built from systemd source code, but works separately,
58 -similarly to eudev or elogind. It is known to work on both glibc and
59 -musl systems.
60 -
61 -Note that systemd-tmpfiles is specifically for non-systemd systems. It
62 -is intended to be used on an OpenRC system.
63 -
64 -If you wish to selectively test systemd-tmpfiles, follow those steps:
65 -
66 - 1. # emerge --oneshot sys-apps/systemd-tmpfiles
67 - 2. # reboot
68 - 3. # rm /etc/runlevels/boot/opentmpfiles-setup
69 - 4. # rm /etc/runlevels/sysinit/opentmpfiles-dev
70 -
71 -No other steps required.
72 -
73 -If, after reviewing the linked bug reference for opentmpfiles, you feel
74 -your system is not vulnerable/applicable to the attack described, you
75 -can unmask [6] opentmpfiles at your own risk:
76 -
77 - 1. In /etc/portage/package.unmask, add a line:
78 - -sys-apps/opentmpfiles-
79 - 2. # emerge --oneshot sys-apps/opentmpfiles
80 -
81 -Note that opentmpfiles is likely to be removed from gentoo repository
82 -in the future.
83 -
84 -[0] https://www.freedesktop.org/software/systemd/man/systemd-tmpfiles.html
85 -[1] https://www.freedesktop.org/software/systemd/man/tmpfiles.d.html
86 -[2] https://nvd.nist.gov/vuln/detail/CVE-2017-18925
87 -[3] https://bugs.gentoo.org/751415
88 -[4] https://github.com/OpenRC/opentmpfiles/issues/4
89 -[5] https://bugs.gentoo.org/741216
90 -[6] https://wiki.gentoo.org/wiki/Knowledge_Base:Unmasking_a_package
91 -
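Review bot: in the test procedure (steps 1-4 of the deleted news text), the reboot in step 2 comes before the opentmpfiles runlevel symlinks are removed in steps 3 and 4, so the first boot after `emerge --oneshot sys-apps/systemd-tmpfiles` still runs opentmpfiles-setup and opentmpfiles-dev alongside the new provider; moving the reboot to the end, and using `rc-update del opentmpfiles-setup boot` / `rc-update del opentmpfiles-dev sysinit` instead of `rm` on the symlinks, would be the conventional OpenRC form. The unmask step `-sys-apps/opentmpfiles-` also does not parse as a package atom for /etc/portage/package.unmask; the plain `sys-apps/opentmpfiles` (or a pinned `=sys-apps/opentmpfiles-<version>`) is what the step needs. Since the commit message gives fixing the title and posted date as the reason for the revert, note that `Posted: 2021-07-07` predates the CommitDate of 2021-07-09 while the mask is dated 2021-07-06 in the body; the reposted item should carry the date on which it is actually published.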