Your message dated Sat, 9 Apr 2011 10:00:13 +0200 with message-id <201104091000.14422.holger@layer-acht.org> and subject line Re: Processed: Re: Bug#620458: base-files: Please make /var/run world-writable and sticky, like /var/lock and /tmp has caused the Debian Bug report #620458, regarding base-files: Please make /var/run world-writable and sticky, like /var/lock and /tmp to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.) -- 620458: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=620458 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: base-files: Please make /var/run world-writable and sticky, like /var/lock and /tmp
- From: Josh Triplett <josh@joshtriplett.org>
- Date: Fri, 01 Apr 2011 18:11:25 -0700
- Message-id: <20110402011125.9554.78181.reportbug@feather>
Package: base-files Version: 6.1 Severity: wishlist /tmp and /var/lock currently allow writes by anyone, with the sticky bit set to only allow removal by the owner. Please consider doing the same for /var/run. That would allow daemons run as non-root users (including those run as part of user sessions) to put their sockets in /var/run. Thanks, Josh Triplett -- System Information: Debian Release: wheezy/sid APT prefers unstable APT policy: (500, 'unstable'), (500, 'stable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 2.6.38-2-amd64 (SMP w/2 CPU cores) Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages base-files depends on: ii gawk [awk] 1:3.1.7.dfsg-5 GNU awk, a pattern scanning and pr ii mawk [awk] 1.3.3-15 a pattern scanning and text proces base-files recommends no packages. base-files suggests no packages. -- no debconf information
--- End Message ---
--- Begin Message ---
- To: 620458-done@bugs.debian.org
- Subject: Re: Processed: Re: Bug#620458: base-files: Please make /var/run world-writable and sticky, like /var/lock and /tmp
- From: Holger Levsen <holger@layer-acht.org>
- Date: Sat, 9 Apr 2011 10:00:13 +0200
- Message-id: <201104091000.14422.holger@layer-acht.org>
- In-reply-to: <[🔎] 20110405162928.GA10443@bongo.bofh.it>
- References: <[🔎] alpine.DEB.2.00.1104051722280.21245@cantor.unex.es> <[🔎] 4D9B3760.4010501@debian.org> <[🔎] 20110405162928.GA10443@bongo.bofh.it>
Hi, On Dienstag, 5. April 2011, Marco d'Itri wrote: > On Apr 05, Michael Biebl <biebl@debian.org> wrote: > > Very bad idea imho, I'm strongly against it. > > The point of /run is not to create a second /tmp, where everyone can > > write into. > Agreed, I really do not want to consider the security implications of a > world-writeable {,/var}/run. > Programs which use /run are supposed to use a subdirectory anyway. Agreed, thus closing. cheers, HolgerAttachment: signature.asc
Description: This is a digitally signed message part.
--- End Message ---