subject:"Re\: Processed\: Re\: Bug#620458\: base\-files\: Please make \/var\/run world\-writable and sticky, like \/var\/lock and \/tmp"

Re: Processed: Re: Bug#620458: base-files: Please make /var/run world-writable and sticky, like /var/lock and /tmp

2011-04-05 Thread Michael Biebl

Am 05.04.2011 17:30, schrieb Debian Bug Tracking System:
> Processing commands for cont...@bugs.debian.org:
> 
>> reassign 620458 general
> Bug #620458 [base-files] base-files: Please make /var/run world-writable and 
> sticky, like /var/lock and /tmp
> Bug reassigned from package 'base-files' to 'general'.
> Bug No longer marked as found in versions base-files/6.1.

Very bad idea imho, I'm strongly against it.
The point of /run is not to create a second /tmp, where everyone can write into.

daemons running as regular user should either put it's runtime files in $HOME or
$XDG_RUNTIME_DIR [1]. The latter is relatively new and I'd rather see us embrace
that in Debian and make sure it is setup properly.


Michael

[1] http://standards.freedesktop.org/basedir-spec/basedir-spec-latest.html
-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?



signature.asc
Description: OpenPGP digital signature

Re: Processed: Re: Bug#620458: base-files: Please make /var/run world-writable and sticky, like /var/lock and /tmp

2011-04-05 Thread Marco d'Itri

On Apr 05, Michael Biebl  wrote:

> Very bad idea imho, I'm strongly against it.
> The point of /run is not to create a second /tmp, where everyone can write 
> into.
Agreed, I really do not want to consider the security implications of a
world-writeable {,/var}/run.
Programs which use /run are supposed to use a subdirectory anyway.

-- 
ciao,
Marco


signature.asc
Description: Digital signature

Re: Processed: Re: Bug#620458: base-files: Please make /var/run world-writable and sticky, like /var/lock and /tmp

2011-04-05 Thread Michael Biebl

Am 05.04.2011 18:29, schrieb Marco d'Itri:
> On Apr 05, Michael Biebl  wrote:
> 
>> Very bad idea imho, I'm strongly against it.
>> The point of /run is not to create a second /tmp, where everyone can write 
>> into.
> Agreed, I really do not want to consider the security implications of a
> world-writeable {,/var}/run.
> Programs which use /run are supposed to use a subdirectory anyway.

Yeah. Daemons which drop privileges would have a properly owned subdirectory in
/run. Such a subdirectory would be setup by a privileged process. Usually that
is done in the sysv init script itself, although I'd like us to provide a more
declarative mechanism for that.

Cheers,
Michael

-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?

signature.asc
Description: OpenPGP digital signature

Re: Processed: Re: Bug#620458: base-files: Please make /var/run world-writable and sticky, like /var/lock and /tmp

Re: Processed: Re: Bug#620458: base-files: Please make /var/run world-writable and sticky, like /var/lock and /tmp

Re: Processed: Re: Bug#620458: base-files: Please make /var/run world-writable and sticky, like /var/lock and /tmp

3 matches

Site Navigation

Mail list logo

Footer information