On Friday 12 June 2026, 15:20:20 Central European Summer Time, Sylvain Beucler wrote:
> Hi,
>
> On 12/06/2026 13:50, Bastien Roucaries wrote:
> > I found that systemd-tempfile support was introduced by 2.57.6
> > https://github.com/canonical/snapd/commit/6226cdc57052f4b7057d92f2e549aa169e35cd2d
> >
> > Therefore bullseye not affected.
>
> AFAIU snapd is vulnerable when it works in /tmp/snap-private-tmp without
> a careful creation and clean-up policy for this directory.
>
> Dropping systemd-tempfile entirely would make it even more vulnerable.
>
> Incidentally, as I noted in dla-needed.txt, stock bullseye is not
> affected, but for a different reason:
> NOTE: 20260324: Debian <=bookworm doesn't prune /tmp by default (cf.
> /usr/lib/tmpfiles.d/tmp.conf),
> NOTE: 20260324: but a local administrator could change that, so I'd
> suggest fixing anyway

In this case the systemd functionality should be backported because bullseye has so systemd policy

>
> Cheers!
> Sylvain
>
>
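The quoted NOTE says stock Debian does not prune /tmp but that a local administrator could change that. As an added example (not part of the thread and not snapd or Debian code), the following checks whether the effective tmpfiles.d configuration ages out a given path. The function names are hypothetical, the sample lines are constructed, and `x`/`X` exclusion lines and `%` specifiers are not handled.

```python
import os

# Lowest to highest priority: a same-named file in a later directory overrides
# the earlier one (tmpfiles.d(5)).
SEARCH_DIRS = ["/usr/lib/tmpfiles.d", "/run/tmpfiles.d", "/etc/tmpfiles.d"]
# Line types whose Age column makes systemd-tmpfiles --clean remove old entries.
AGED_TYPES = set("dDevqQ")

# Constructed samples, not copied from any system.
SAMPLE_NO_PRUNE = "D /tmp 1777 root root -\n"
SAMPLE_PRUNE = "q /tmp 1777 root root 10d\nq /var/tmp 1777 root root 30d\n"


def effective_files(dirs=SEARCH_DIRS):
    """Map each *.conf basename to the copy that wins by directory priority."""
    chosen = {}
    for d in dirs:
        if os.path.isdir(d):
            for name in os.listdir(d):
                if name.endswith(".conf"):
                    chosen[name] = os.path.join(d, name)
    return chosen


def pruning_rules(conf_text, watched="/tmp"):
    """Return (type, path, age) for every line that ages out `watched`."""
    hits = []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 6:
            continue  # Age column omitted: no automatic clean-up
        ftype, path, age = fields[0], fields[1].rstrip("/") or "/", fields[5]
        if ftype[0] not in AGED_TYPES or age == "-":
            continue
        # Cleaning is recursive, so a rule on a parent directory covers `watched`.
        if watched == path or watched.startswith(path.rstrip("/") + "/"):
            hits.append((ftype, path, age))
    return hits


if __name__ == "__main__":
    for name, path in sorted(effective_files().items()):
        with open(path, errors="replace") as fh:
            for hit in pruning_rules(fh.read(), "/tmp/snap-private-tmp"):
                print(path, *hit)
```

Run on a host, it prints each effective rule that would age out entries under /tmp/snap-private-tmp; no output means no pruning rule was found under the stated simplifications.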
