
Re: possible mass bug filing for packages shipping stuff in /var/run, /var/lock, /run?

* Michael Gilbert <mgilbert@debian.org>, 2012-10-08, 14:15:
"Packages must not include files or directories under /run, or under the older /var/run and /var/lock paths."
The thing is that it really does no harm if a package actually does this

Given that /var/lock is world-writable in Debian, and that dpkg follows symlinks to directories, at least shipping directories in /var/lock is almost certainly a security hole. (Fortunately, this is mitigated by the protected_symlinks feature of the recent kernels.)

Jakub Wilk
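
An added example, not part of the original message or of dpkg: a shell audit that lists the entries a package ships under /run, /var/run or /var/lock, given `dpkg-deb --contents` output on stdin, and reports whether the protected_symlinks mitigation mentioned above is enabled. The package name `exampled`, the sample listing and the function names are constructed for illustration; paths are assumed to contain no whitespace.

```shell
#!/bin/sh
# Added example: audit a package file listing for runtime-directory entries.

# Reads `dpkg-deb --contents` style lines on stdin (tar -tv layout: mode,
# owner, size, date, time, path) and prints each entry located strictly
# under /run, /var/run or /var/lock as "dir <path>" or "file <path>".
flag_runtime_paths() {
    awk '{
        p = $6
        sub(/^\./, "", p)          # "./var/lock/x/" -> "/var/lock/x/"
        if (p ~ /^\/(run|var\/run|var\/lock)\/./) {
            kind = (substr($1, 1, 1) == "d") ? "dir" : "file"
            print kind " " p
        }
    }'
}

# Reports the state of the kernel symlink protection.
# $1: sysctl file to read (defaults to the real one).
protected_symlinks_status() {
    f=${1:-/proc/sys/fs/protected_symlinks}
    [ -r "$f" ] || { echo unknown; return; }
    case $(cat "$f") in
        1) echo enabled ;;
        0) echo disabled ;;
        *) echo unknown ;;
    esac
}

# Constructed sample listing for a hypothetical package "exampled".
sample_listing() {
    cat <<'EOF'
drwxr-xr-x root/root         0 2012-10-08 14:15 ./
drwxr-xr-x root/root         0 2012-10-08 14:15 ./usr/sbin/
-rwxr-xr-x root/root     10240 2012-10-08 14:15 ./usr/sbin/exampled
drwxr-xr-x root/root         0 2012-10-08 14:15 ./var/
drwxr-xr-x root/root         0 2012-10-08 14:15 ./var/lock/
drwxr-xr-x root/root         0 2012-10-08 14:15 ./var/lock/exampled/
-rw-r--r-- root/root         0 2012-10-08 14:15 ./var/run/exampled.pid
drwxr-xr-x root/root         0 2012-10-08 14:15 ./var/runtime/
EOF
}

sample_listing | flag_runtime_paths
echo "protected_symlinks: $(protected_symlinks_status)"
```

Against a real package the same filter runs as `dpkg-deb --contents package.deb | flag_runtime_paths`.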
