| 1 |
Michael Orlitzky <mjo@g.o> wrote: |
| 2 |
> |
| 3 |
> Why are you focusing on /tmp and /var/tmp? |
| 4 |
|
| 5 |
Because only world-writable directories are the ones which |
| 6 |
can be exploited unless the tmpfiles.conf author does |
| 7 |
something malevolent or extremely stupid. |
| 8 |
|
| 9 |
> To pick a relevant example |
| 10 |
|
| 11 |
relevant? |
| 12 |
|
| 13 |
> If that was a 'Z' entry, or if it created another portage:portage |
| 14 |
> directory beneath /var/cache/eix |
| 15 |
|
| 16 |
In other words: If the completely harmless example would have |
| 17 |
been replaced by an intentionally malevolent one, this could do harm. |
| 18 |
With this logic, installing systemd-opentmpfiles is the same |
| 19 |
security risk: If its ebuild would just contain the line |
| 20 |
chmod -R /* |
| 21 |
everybody could easily become root on your system when you install it. |
Archives