Re: Processed: Re: Bug#620458: base-files: Please make /var/run world-writable and sticky, like /var/lock and /tmp
Am 05.04.2011 17:30, schrieb Debian Bug Tracking System: > Processing commands for cont...@bugs.debian.org: > >> reassign 620458 general > Bug #620458 [base-files] base-files: Please make /var/run world-writable and > sticky, like /var/lock and /tmp > Bug reassigned from package 'base-files' to 'general'. > Bug No longer marked as found in versions base-files/6.1. Very bad idea imho, I'm strongly against it. The point of /run is not to create a second /tmp, where everyone can write into. daemons running as regular user should either put it's runtime files in $HOME or $XDG_RUNTIME_DIR [1]. The latter is relatively new and I'd rather see us embrace that in Debian and make sure it is setup properly. Michael [1] http://standards.freedesktop.org/basedir-spec/basedir-spec-latest.html -- Why is it that all of the instruments seeking intelligent life in the universe are pointed away from Earth? signature.asc Description: OpenPGP digital signature
Re: Processed: Re: Bug#620458: base-files: Please make /var/run world-writable and sticky, like /var/lock and /tmp
On Apr 05, Michael Biebl wrote: > Very bad idea imho, I'm strongly against it. > The point of /run is not to create a second /tmp, where everyone can write > into. Agreed, I really do not want to consider the security implications of a world-writeable {,/var}/run. Programs which use /run are supposed to use a subdirectory anyway. -- ciao, Marco signature.asc Description: Digital signature
Re: Processed: Re: Bug#620458: base-files: Please make /var/run world-writable and sticky, like /var/lock and /tmp
Am 05.04.2011 18:29, schrieb Marco d'Itri: > On Apr 05, Michael Biebl wrote: > >> Very bad idea imho, I'm strongly against it. >> The point of /run is not to create a second /tmp, where everyone can write >> into. > Agreed, I really do not want to consider the security implications of a > world-writeable {,/var}/run. > Programs which use /run are supposed to use a subdirectory anyway. Yeah. Daemons which drop privileges would have a properly owned subdirectory in /run. Such a subdirectory would be setup by a privileged process. Usually that is done in the sysv init script itself, although I'd like us to provide a more declarative mechanism for that. Cheers, Michael -- Why is it that all of the instruments seeking intelligent life in the universe are pointed away from Earth? signature.asc Description: OpenPGP digital signature