On 11/22/19 12:30 PM, Guillem Jover wrote: > On Fri, 2019-11-22 at 17:36:21 +0000, Alejandro Del Castillo wrote: >> I was pretty mystified on what's different...then I realized that the >> issue only happens when following symlinks on tmpfs (/tmp). Adding an >> extra directory (tmp) to the dpkg-test example reproduces the failure. >> >> At the end of the email, I have a patch that modifies the tests to show >> the failure (I tried attaching the patch to the email, but that made the >> list bot swallow my message). >> >> Is this a know issue or expected behavior? > > Ok, the problem would be due to /proc/sys/fs/protected_symlinks being > set to 1.
Ah!, that explains it! > So, I guess this is expected in the sense that letting [od]pkg write > into something with the properties of /tmp is insecure anyway, and > it should not be done. :) > > Otherwise this is supported and should work. Thanks a lot Guillem, glad we got to the bottom of it. > Thanks, > Guillem > -- Cheers, Alejandro
