| 1 |
On 2020-12-03 19:40-0600 Dale <rdalek1967@×××××.com> wrote: |
| 2 |
|
| 3 |
> Howdy, |
| 4 |
> |
| 5 |
> I've mentioned I follow -dev to see what is coming around the corner. |
| 6 |
> There is a thread on there about switching tmpfiles packages for |
| 7 |
> security reasons. I currently have sys-apps/opentmpfiles installed. |
| 8 |
> I guess that is the default for openrc. Someone mentioned |
| 9 |
> systemd-tmpfiles as a alternative that doesn't have the same security |
| 10 |
> problems. My question is, is this big enough a problem to switch or |
| 11 |
> is it safe enough for us to use the same we have been? It sounds |
| 12 |
> like a rather rare problem. Maybe even only during boot up. I'm not |
| 13 |
> 100% sure what it does or anything really. I guess that's why I |
| 14 |
> con't make sense of switching or not since I'm not sure what the |
| 15 |
> package does or how serious the security problem is. |
| 16 |
|
| 17 |
From what I could gather, opentmpfiles is only vulnerable when an |
| 18 |
attacker is able to put a config file into /etc/tmpfiles.d/, so they |
| 19 |
have to be already root. |
| 20 |
Nevertheless I switched to systemd-tmpfiles and it just works and |
| 21 |
doesn't pull any other systemd-stuff in. |
| 22 |
|
| 23 |
I don't think it really matters which one you use. |
| 24 |
|
| 25 |
Kind regards, tastytea |
| 26 |
|
| 27 |
-- |
| 28 |
Get my PGP key with `gpg --locate-keys tastytea@××××××××.de` or at |
| 29 |
<https://tastytea.de/tastytea.asc>. |
Archives