* Mattia Rizzolo <[email protected]>, 2015-08-08, 17:00:
I don't see how changing it can fix #789401, though.
It would improve the situation, as a malicious local user can not plant
the build dir any more
Right. But there might be other /tmp vulnerabilities (in pbuilder or
elsewhere) that #789401 would ease exploiting.
And there's DoS aspect: local user could stuff chroot's /tmp with
garbage, which pbuilder then will have to compress and later decompress
on every build.
--
Jakub Wilk
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]
