Re: possible mass bug filing for packages shipping stuff in /var/run, /var/lock, /run?
* Michael Gilbert <mgilbert@debian.org>, 2012-10-08, 14:15:
"Packages must not include files or directories under /run, or under
the older /var/run and /var/lock paths."
The thing is that it really does no harm if a package actually does
this
Given that /var/lock is world-writable in Debian, and that dpkg follows
symlinks to directories, at least shipping directories in /var/lock is
almost certainly a security hole. (Fortunately, this is mitigated by the
protected_symlinks feature of the recent kernels.)
--
Jakub Wilk
Reply to: