Re: possible mass bug filing for packages shipping stuff in /var/run, /var/lock, /run?

To: debian-devel@lists.debian.org
Subject: Re: possible mass bug filing for packages shipping stuff in /var/run, /var/lock, /run?
From: Jakub Wilk <jwilk@debian.org>
Date: Mon, 8 Oct 2012 20:27:24 +0200
Message-id: <[🔎] 20121008182724.GA2540@jwilk.net>
Mail-followup-to: debian-devel@lists.debian.org
In-reply-to: <[🔎] CANTw=MO8SnuhQBRHmw9mQke8GZv0YTVNrz-mpcPgq-=BJGYYrg@mail.gmail.com>
References: <[🔎] 506F4E15.6080203@abeckmann.de> <[🔎] 20121007172104.GJ31434@radis.cristau.org> <[🔎] 5072ABF8.6030309@debian.org> <[🔎] CANTw=MO8SnuhQBRHmw9mQke8GZv0YTVNrz-mpcPgq-=BJGYYrg@mail.gmail.com>

* Michael Gilbert <mgilbert@debian.org>, 2012-10-08, 14:15:

"Packages must not include files or directories under /run, or underthe older /var/run and /var/lock paths."
The thing is that it really does no harm if a package actually doesthis

Given that /var/lock is world-writable in Debian, and that dpkg followssymlinks to directories, at least shipping directories in /var/lock isalmost certainly a security hole. (Fortunately, this is mitigated by theprotected_symlinks feature of the recent kernels.)


--
Jakub Wilk

Reply to:

References:
- possible mass bug filing for packages shipping stuff in /var/run, /var/lock, /run?
  - From: Andreas Beckmann <debian@abeckmann.de>
- Re: possible mass bug filing for packages shipping stuff in /var/run, /var/lock, /run?
  - From: Julien Cristau <jcristau@debian.org>
- Re: possible mass bug filing for packages shipping stuff in /var/run, /var/lock, /run?
  - From: Thomas Goirand <zigo@debian.org>
- Re: possible mass bug filing for packages shipping stuff in /var/run, /var/lock, /run?
  - From: Michael Gilbert <mgilbert@debian.org>

Prev by Date: Re: possible mass bug filing for packages shipping stuff in /var/run, /var/lock, /run?
Next by Date: Storing additional metadata in the dpkg database [Re: possible mass bug filing for packages shipping stuff in /var/run, /var/lock, /run?]
Previous by thread: Re: possible mass bug filing for packages shipping stuff in /var/run, /var/lock, /run?
Next by thread: Storing additional metadata in the dpkg database [Re: possible mass bug filing for packages shipping stuff in /var/run, /var/lock, /run?]
Index(es):
- Date
- Thread