Lennart Poettering wrote:
> On Mon, 04.04.11 10:56, Ludwig Nussel ([email protected]) wrote:
> > Lennart Poettering wrote:
> >
> > So as long as there are no inherently unsolvable problems
> > with lockdev using /var/lock directly I see no need to go for the half
> > solution /var/lock/lockdev.
>
> There are. A lot of software creates subdirectories beneath
> /var/lock, for example LVM. If you allow creation of lockfiles in
> /var/lock, then this enables the same programs to break LVM (and
> everything else creating subdirs there), and even use LVM to break the
> system even further.
>
> That's the point that https://bugzilla.redhat.com/show_bug.cgi?id=581884
> tries to make.

Well, that's not nice but not an immediate problem either. You'd have
to exploit a bug in lockdev to gain access to the lock group first.
Same risk as with any other setuid program.

> > How many packages in Fedora that did not use lockdev already were
> > actually patched to use /var/lock/lockdev anyways?
>
> No idea, this happened before my time.

I'd guess not many. At least one of the more obvious candidates, pppd,
still puts its lock file in /var/lock.

cu
Ludwig

-- 
 (o_   Ludwig Nussel
 //\
 V_/_  http://www.suse.de/
SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)
