Package: dbus-daemon Version: 1.14.4-1 Severity: important
Dear Utopia Maintenance Team, on my machine with sysv init, starting firefox through an ssh X tunnel creates a socket file in /tmp, e.g., /tmp/dbus-TisQYrBfOV which is world readable, writable, executable (o=rwx). Is this intended? Isn't it a security problem? The output of 'lsof | grep /tmp/dbus' says dbus-daemon is connected to the socket. Regards, Jörg. -- System Information: Debian Release: bookworm/sid APT prefers testing APT policy: (600, 'testing'), (500, 'unstable'), (5, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 6.0.2 (SMP w/16 CPU threads; PREEMPT) Locale: LANG=C.utf8, LC_CTYPE=C.utf8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: sysvinit (via /sbin/init) Versions of packages dbus-daemon depends on: ii dbus-bin 1.14.4-1 ii dbus-session-bus-common 1.14.4-1 ii libapparmor1 3.0.7-1 ii libaudit1 1:3.0.7-1.1 ii libc6 2.35-3 ii libcap-ng0 0.8.3-1+b1 ii libdbus-1-3 1.14.4-1 ii libexpat1 2.4.9-1 ii libselinux1 3.4-1+b2 ii libsystemd0 251.6-1 dbus-daemon recommends no packages. dbus-daemon suggests no packages. -- no debconf information