1 |
Michael Orlitzky <mjo@g.o> wrote: |
2 |
> |
3 |
> Why are you focusing on /tmp and /var/tmp? |
4 |
|
5 |
Because only world-writable directories are the ones which |
6 |
can be exploited unless the tmpfiles.conf author does |
7 |
something malevolent or extremely stupid. |
8 |
|
9 |
> To pick a relevant example |
10 |
|
11 |
relevant? |
12 |
|
13 |
> If that was a 'Z' entry, or if it created another portage:portage |
14 |
> directory beneath /var/cache/eix |
15 |
|
16 |
In other words: If the completely harmless example would have |
17 |
been replaced by an intentionally malevolent one, this could do harm. |
18 |
With this logic, installing systemd-opentmpfiles is the same |
19 |
security risk: If its ebuild would just contain the line |
20 |
chmod -R /* |
21 |
everybody could easily become root on your system when you install it. |