Actions
Bug #15054
closedPermissions on tmpfs RAM disk for ``/var`` are too lenient
Start date:
Due date:
% Done:
100%
Estimated time:
Plus Target Version:
24.03
Release Notes:
Default
Affected Version:
Affected Architecture:
Description
The code in source:src/etc/rc.ramdisk_functions.sh#L133 configures any tmpfs RAM disk with 1777
permissions, so both /tmp
and /var
get set this way.
Those permissions are OK for /tmp
but for /var
it should be using mode 1755
.
The relaxed restrictions on /var
prevent some daemons from running in a chroot inside that directory, such as the LADVD package.
Updated by Jim Pingle 10 months ago
I just pushed a commit that fixes this. It uses 1777
for tmp
only and 1755
for anything else (currently only var
).
: mount | egrep 'tmpfs.*/(tmp|var)' tmpfs on /tmp (tmpfs, local) tmpfs on /var (tmpfs, local) : ls -ld /tmp /var drwxrwxrwt 4 root wheel 2176 Mar 6 20:16 /tmp drwxr-xr-t 16 root wheel 896 Mar 6 20:12 /var
Updated by Jim Pingle 10 months ago
- Status changed from New to Feedback
- % Done changed from 0 to 100
Applied in changeset 7d87d7cbce1bf6f0c8a44888c640e2c29393a9cb.
Updated by Jim Pingle 10 months ago
- Status changed from Feedback to Resolved
Permissions are as expected on the latest build.
Actions