On 1/3/20 9:52 AM, Michael Orlitzky wrote: > > But here we are. Do we make OpenRC Linux-only and steal the fix from > systemd? Or pretend to support other operating systems, but leave them > insecure? >
Or the gripping hand: rewrite opentmpfiles in C, so that it's only as insecure as checkpath. Every option sucks. I was only trying to point out that vanilla-sources gets no security support -- security@ has stated this, but it's on a private bug, so I won't quote it -- and the risk is more than academic.