Lennart Poettering wrote: > On Mon, 04.04.11 13:41, Ludwig Nussel ([email protected]) wrote: > > > > There are. A lot of software creates subdirectories beneath > > > /var/lock, for example LVM. If you allow creation of lockfiles in > > > /var/lock, then this enables the same programs to break LVM (and > > > everything else creating subdirs there), and even use LVM to break the > > > system even further. > > > > > > That's the point that https://bugzilla.redhat.com/show_bug.cgi?id=581884 > > > tries to make. > > > > Well, that's not nice but not an immediate problem either. You'd > > have to exploit a bug in lockdev to gain access to the lock group > > first. Same risk as with any other setuid program. > > But it defeats the point of the "lock" group. Because it enables code > that runs under that GID to destroy the system as if it was root.
Tjo. The system just isn't thought out well in several ways. cu Ludwig -- (o_ Ludwig Nussel //\ V_/_ http://www.suse.de/ SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg) _______________________________________________ systemd-devel mailing list [email protected] http://lists.freedesktop.org/mailman/listinfo/systemd-devel
