On Friday, 12 June 2026, 15:20:20 Central European Summer Time, Sylvain Beucler wrote:
> Hi,
> 
> On 12/06/2026 13:50, Bastien Roucaries wrote:
> > I found that systemd-tempfile support was introduced by 2.57.6
> > https://github.com/canonical/snapd/commit/6226cdc57052f4b7057d92f2e549aa169e35cd2d
> > 
> > Therefore bullseye not affected.
> 
> AFAIU snapd is vulnerable when it works in /tmp/snap-private-tmp without 
> a careful creation and clean-up policy for this directory.
> 
> Dropping systemd-tempfile entirely would make it even more vulnerable.
> 
> Incidentally, as I noted in dla-needed.txt, stock bullseye is not 
> affected, but for a different reason:
>    NOTE: 20260324: Debian <=bookworm doesn't prune /tmp by default (cf. 
> /usr/lib/tmpfiles.d/tmp.conf),
>    NOTE: 20260324: but a local administrator could change that, so I'd 
> suggest fixing anyway

In this case the systemd functionality should be backported because bullseye 
has so systemd policy.
> 
> Cheers!
> Sylvain
> 
> 

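The NOTE quoted above turns on whether the effective tmpfiles.d configuration gives `/tmp` an age. As an added example (not part of this thread, and not snapd's or systemd's code), the sketch below applies a simplified model of the tmpfiles.d(5) lookup rules to decide that. The sample configurations and the helper names `effective_files` and `tmp_age` are constructed for illustration.

```python
# Added example: simplified model of tmpfiles.d(5) lookup, not systemd's parser.
# Highest-priority directory first; a file in /etc masks the same name below it.
DIR_PRIORITY = ["/etc/tmpfiles.d", "/run/tmpfiles.d", "/usr/lib/tmpfiles.d"]
AGE_TYPES = set("dDevqQ")  # directory line types that honour the Age field


def effective_files(files):
    """files maps full path -> text. Returns texts in lexical order of basename."""
    chosen = {}
    for directory in reversed(DIR_PRIORITY):  # higher priority overwrites lower
        for path, text in files.items():
            parent, _, name = path.rpartition("/")
            if parent == directory and name.endswith(".conf"):
                chosen[name] = text
    return [chosen[name] for name in sorted(chosen)]


def tmp_age(files, target="/tmp"):
    """Return the Age that applies to target, or None if it is never pruned."""
    for text in effective_files(files):
        for line in text.splitlines():
            fields = line.split()
            if len(fields) < 2 or fields[0].startswith("#"):
                continue
            # fields[0][0] is the type letter; modifiers such as '!' follow it.
            if fields[0][0] in AGE_TYPES and fields[1].rstrip("/") == target:
                age = fields[5] if len(fields) > 5 else "-"
                return None if age == "-" else age  # first matching entry wins
    return None


# Constructed sample: a stock layout where /tmp has no age ("-").
STOCK = {"/usr/lib/tmpfiles.d/tmp.conf":
         "# constructed sample\nD /tmp 1777 root root -\n#q /var/tmp 1777 root root 30d\n"}
# Constructed sample: a local administrator masks tmp.conf to enable pruning.
ADMIN = dict(STOCK, **{"/etc/tmpfiles.d/tmp.conf": "q /tmp 1777 root root 10d\n"})
# Constructed sample: a differently named drop-in that sorts before tmp.conf.
DROPIN = dict(STOCK, **{"/etc/tmpfiles.d/aaa-prune.conf": "d /tmp 1777 root root 1d\n"})

if __name__ == "__main__":
    for label, cfg in (("stock", STOCK), ("admin", ADMIN), ("drop-in", DROPIN)):
        age = tmp_age(cfg)
        print(f"{label}: /tmp is " + (f"pruned after {age}" if age else "not pruned"))
```

On a real host, `systemd-tmpfiles --cat-config` prints the merged configuration that this sketch approximates.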