sorry for a blunt follow-up -- wouldn't making /var/run writable by regular mortals ask for security concerns if an attacker starts pre-creating files/pipes trying to steal the communications of daemons spawned by root or just ruin some data on the system by symlinking against root-owned files?
On Tue, 05 Apr 2011, Santiago Vila wrote:
> > /tmp and /var/lock currently allow writes by anyone, with the sticky bit
> > set to only allow removal by the owner. Please consider doing the same
> > for /var/run. That would allow daemons run as non-root users (including
> > those run as part of user sessions) to put their sockets in /var/run.
>
> I will be happy to change the default permissions once that every
> program is modified to support both 755 and 1777 permissions.
> But until then, this is *hardly* a bug in base-files (as I can't fix it)
> but a general bug, as it affects a large number of packages, hence the
> reassign.

--
=------------------------------------------------------------------=
Keep in touch                                     www.onerussian.com
Yaroslav Halchenko                 www.ohloh.net/accounts/yarikoptic
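The pre-creation and symlink concern raised in this message is what a daemon has to defend against once its runtime directory is mode 1777. The following is an added example, not part of the original thread or of any Debian package: `create_runtime_file` and `demo` are hypothetical names, and the scratch directory and its contents are constructed for the demonstration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: create NAME inside the directory DIRFD for a daemon.
 * O_CREAT|O_EXCL fails with EEXIST if anything already sits at that name
 * (regular file, FIFO, or symlink, dangling or not), so an entry planted by
 * another user is never opened, followed or truncated. */
int create_runtime_file(int dirfd, const char *name)
{
    int fd = openat(dirfd, name,
                    O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW | O_CLOEXEC, 0644);
    if (fd < 0)
        return -1;
    struct stat st;
    /* Defence in depth: check the object behind the descriptor, not the path. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        st.st_uid != geteuid() || st.st_nlink != 1) {
        close(fd);
        errno = EPERM;
        return -1;
    }
    return fd;
}

/* Constructed scenario: a mode-1777 scratch directory where "daemon.pid" was
 * pre-created as a symlink. Returns 1 if it is refused and the target is intact. */
int demo(void)
{
    char dir[] = "/tmp/varrun-demo-XXXXXX";
    if (!mkdtemp(dir) || chmod(dir, 01777) != 0) return -1;
    int dfd = open(dir, O_RDONLY | O_DIRECTORY);
    if (dfd < 0) return -1;
    close(openat(dfd, "victim", O_WRONLY | O_CREAT, 0600));
    if (symlinkat("victim", dfd, "daemon.pid") != 0) return -1;
    int planted = create_runtime_file(dfd, "daemon.pid");
    int refused = (planted == -1 && errno == EEXIST);
    int fresh = create_runtime_file(dfd, "other.pid");
    struct stat st;
    int intact = (fstatat(dfd, "victim", &st, 0) == 0 && st.st_size == 0);
    if (fresh >= 0) close(fresh);
    unlinkat(dfd, "daemon.pid", 0); unlinkat(dfd, "other.pid", 0);
    unlinkat(dfd, "victim", 0); close(dfd); rmdir(dir);
    return refused && intact && fresh >= 0;
}
int main(void) { return demo() == 1 ? 0 : 1; }
```

A daemon that instead opens its pidfile or log with plain `O_CREAT|O_TRUNC` would follow the planted link, which is why every affected program would need auditing before the directory mode is changed.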