Bug #15054

closed

Permissions on tmpfs RAM disk for ``/var`` are too lenient

Added by Jim Pingle 5 months ago. Updated about 2 months ago.

Status: Resolved
Priority: Normal
Assignee:
Category: Operating System
Target version:
Start date:
Due date:
% Done: 100%
Estimated time:
Plus Target Version: 24.03
Release Notes: Default
Affected Version:
Affected Architecture:

Description

The code in source:src/etc/rc.ramdisk_functions.sh#L133 configures any tmpfs RAM disk with 1777 permissions, so both /tmp and /var get set this way.

Those permissions are OK for /tmp but for /var it should be using mode 1755.

The relaxed restrictions on /var prevent some daemons from running in a chroot inside that directory, such as the LADVD package.

Actions #1

Updated by Jim Pingle about 2 months ago

  • Assignee set to Jim Pingle

Actions #2

Updated by Jim Pingle about 2 months ago

I just pushed a commit that fixes this. It uses 1777 for tmp only and 1755 for anything else (currently only var).

: mount | egrep 'tmpfs.*/(tmp|var)'
tmpfs on /tmp (tmpfs, local)
tmpfs on /var (tmpfs, local)

: ls -ld /tmp /var
drwxrwxrwt   4 root wheel 2176 Mar  6 20:16 /tmp
drwxr-xr-t  16 root wheel  896 Mar  6 20:12 /var

Actions #3

Updated by Jim Pingle about 2 months ago

  • Status changed from New to Feedback
  • % Done changed from 0 to 100

Actions #4

Updated by Jim Pingle about 2 months ago

  • Status changed from Feedback to Resolved

Permissions are as expected on the latest build.
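
A check for the modes discussed in this ticket, as an added example that is not part of the original issue or of the pfSense source. The function names are hypothetical, and modes are read from `ls -ld` (as in the output quoted above) so the script runs on both FreeBSD and Linux.

```sh
#!/bin/sh
# Added example, not pfSense code; every function name here is hypothetical.

# Mode for a tmpfs RAM disk per the fix in the ticket:
# 1777 for tmp only, 1755 for anything else (currently only var).
expected_ramdisk_mode() {
	case "${1#/}" in
		tmp) echo 1777 ;;
		*)   echo 1755 ;;
	esac
}

# Symbolic mode as printed by `ls -ld`; keeping 10 characters drops any
# trailing ACL/MAC marker ("+" or ".") some systems append.
dir_mode_string() {
	ls -ld "$1" | cut -c1-10
}

# Succeeds when group or other can write to the directory, the lenient
# state the ticket reports for /var.
is_group_or_world_writable() {
	case "$(dir_mode_string "$1")" in
		?????w????|????????w?) return 0 ;;
		*) return 1 ;;
	esac
}

# check_ramdisk NAME [DIR]: compare DIR (default /NAME) with the expected mode.
check_ramdisk() {
	dir=${2:-/${1#/}}
	case "$(expected_ramdisk_mode "$1")" in
		1777) want=drwxrwxrwt ;;
		*)    want=drwxr-xr-t ;;
	esac
	have=$(dir_mode_string "$dir")
	[ "$have" = "$want" ] && { echo "OK   $dir $have"; return 0; }
	echo "FAIL $dir $have (expected $want)"
	return 1
}

# Constructed demo on scratch directories; nothing under / is touched.
demo=$(mktemp -d) && mkdir "$demo/tmp" "$demo/var"
chmod 1777 "$demo/tmp" "$demo/var"    # state described in the bug report
check_ramdisk tmp "$demo/tmp"
check_ramdisk var "$demo/var" || echo "var is too lenient"
chmod 1755 "$demo/var"                # state after the fix
check_ramdisk var "$demo/var"
rm -rf "$demo"
```

On a live system, `check_ramdisk tmp` and `check_ramdisk var` with no second argument inspect `/tmp` and `/var` directly.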
