Project

General

Profile

Actions

Bug #15054

closed

Permissions on tmpfs RAM disk for ``/var`` are too lenient

Added by Jim Pingle about 1 year ago. Updated 10 months ago.

Status:
Resolved
Priority:
Normal
Assignee:
Category:
Operating System
Target version:
Start date:
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
24.03
Release Notes:
Default
Affected Version:
Affected Architecture:

Description

The code in source:src/etc/rc.ramdisk_functions.sh#L133 configures any tmpfs RAM disk with 1777 permissions, so both /tmp and /var get set this way.

Those permissions are OK for /tmp but for /var it should be using mode 1755.

The relaxed restrictions on /var prevent some daemons from running in a chroot inside that directory, such as the LADVD package.

Actions #1

Updated by Jim Pingle 10 months ago

  • Assignee set to Jim Pingle
Actions #2

Updated by Jim Pingle 10 months ago

I just pushed a commit that fixes this. It uses 1777 for tmp only and 1755 for anything else (currently only var).

: mount | egrep 'tmpfs.*/(tmp|var)'
tmpfs on /tmp (tmpfs, local)
tmpfs on /var (tmpfs, local)

: ls -ld /tmp /var
drwxrwxrwt   4 root wheel 2176 Mar  6 20:16 /tmp
drwxr-xr-t  16 root wheel  896 Mar  6 20:12 /var
Actions #3

Updated by Jim Pingle 10 months ago

  • Status changed from New to Feedback
  • % Done changed from 0 to 100
Actions #4

Updated by Jim Pingle 10 months ago

  • Status changed from Feedback to Resolved

Permissions are as expected on the latest build.

Actions

Also available in: Atom PDF