
Bug#620458: base-files: Please make /var/run world-writable and sticky, like /var/lock and /tmp

sorry for a blunt follow-up -- wouldn't making /var/run writable by
regular mortals ask for security concerns if an attacker starts
pre-creating files/pipes trying to steal the communications of
daemons spawned by root or just ruin some data on the system by
symlinking against root-owned files?

On Tue, 05 Apr 2011, Santiago Vila wrote:
> > /tmp and /var/lock currently allow writes by anyone, with the sticky bit
> > set to only allow removal by the owner.  Please consider doing the same
> > for /var/run.  That would allow daemons run as non-root users (including
> > those run as part of user sessions) to put their sockets in /var/run.

> I will be happy to change the default permissions once every
> program is modified to support both 755 and 1777 permissions.

> But until then, this is *hardly* a bug in base-files (as I can't fix it)
> but a general bug, as it affects a large number of packages, hence the
> reassign.
Keep in touch                                     www.onerussian.com
Yaroslav Halchenko                 www.ohloh.net/accounts/yarikoptic
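
The pre-creation concern raised in this message, seen from the daemon's side, as an added example that is not part of the original thread or of any Debian package: one way a program can create its runtime file in a world-writable sticky directory and refuse any entry that already exists. The names `create_runtime_file`, `demo`, `daemon.pid` and `important.conf` are hypothetical, and the directory is a constructed stand-in for a 1777 /var/run.

```python
import os
import stat
import tempfile

def create_runtime_file(directory, name, mode=0o644):
    """Create `name` inside a shared (1777) directory, refusing any pre-existing entry."""
    dir_fd = os.open(directory, os.O_RDONLY | os.O_DIRECTORY)
    try:
        # O_EXCL makes creation fail with EEXIST if anything, including a
        # symlink or FIFO made by another user, already has this name.
        flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW | os.O_CLOEXEC
        fd = os.open(name, flags, mode, dir_fd=dir_fd)
    finally:
        os.close(dir_fd)
    st = os.fstat(fd)
    # Defence in depth: we must own a regular file with exactly one link.
    if not stat.S_ISREG(st.st_mode) or st.st_uid != os.geteuid() or st.st_nlink != 1:
        os.close(fd)
        raise PermissionError(f"unexpected object at {name!r}")
    return fd

def demo():
    """Constructed scenario: the pidfile name already exists as a symlink."""
    with tempfile.TemporaryDirectory() as base:
        shared = os.path.join(base, "run")       # stand-in for a 1777 /var/run
        os.mkdir(shared)
        os.chmod(shared, 0o1777)
        victim = os.path.join(base, "important.conf")
        with open(victim, "w") as f:
            f.write("keep me\n")
        os.symlink(victim, os.path.join(shared, "daemon.pid"))

        try:
            os.close(create_runtime_file(shared, "daemon.pid"))
            refused = False
        except FileExistsError:
            refused = True
        with open(victim) as f:
            intact = f.read() == "keep me\n"

        # Without a pre-existing entry, creation succeeds normally.
        fd = create_runtime_file(shared, "other.pid")
        os.write(fd, b"1234\n")
        os.close(fd)
        with open(os.path.join(shared, "other.pid")) as f:
            created = f.read() == "1234\n"
        return refused, intact, created

if __name__ == "__main__":
    print(demo())
```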
