On 2020-12-03 19:40-0600 Dale <rdalek1967@×××××.com> wrote:

> Howdy,
>
> I've mentioned I follow -dev to see what is coming around the corner.
> There is a thread on there about switching tmpfiles packages for
> security reasons. I currently have sys-apps/opentmpfiles installed.
> I guess that is the default for openrc. Someone mentioned
> systemd-tmpfiles as an alternative that doesn't have the same security
> problems. My question is, is this big enough a problem to switch or
> is it safe enough for us to use the same we have been? It sounds
> like a rather rare problem. Maybe even only during boot up. I'm not
> 100% sure what it does or anything really. I guess that's why I
> can't make sense of switching or not since I'm not sure what the
> package does or how serious the security problem is.

From what I could gather, opentmpfiles is only vulnerable when an
attacker is able to put a config file into /etc/tmpfiles.d/, so they
have to be already root.
Nevertheless I switched to systemd-tmpfiles and it just works and
doesn't pull any other systemd-stuff in.

I don't think it really matters which one you use.

Kind regards, tastytea

--
Get my PGP key with `gpg --locate-keys tastytea@××××××××.de` or at
<https://tastytea.de/tastytea.asc>.