In case you don't know, opentmpfiles has an open CVE
CVE-2017-18925: root privilege escalation by symlink attack
It has been an issue for quite a while, reported 3 years ago,
and not much changed since.
Also it lacks any sort of testing, and master branch is in a non-working
state at time of writing, latest version is masked.[0]

Due to nature of opentmpfiles (it's a POSIX sh script),
it may be impossible to fix symlink handling and TOCTOU races.
As a consequence I'll be switching default tmpfiles
provider to sys-apps/systemd-tmpfiles by the end of the week by updating
virtual/tmpfiles ebuild.

pros of systemd-tmpfiles:
0) Secure.
1) Reference implementation.
2) Supports all features, because ^.
3) Has working tests.
4) Has millions of users as part of systemd.
5) upstream supports standalone usecase/build our ebuild uses. [1][2]
6) drop-in replacement, just emerge and forget.

systemd-tmpfiles does not depend on any systemd-isms, does not need dbus,
and is just a drop-in replacement, the only step needed is to emerge the
it's a simple single binary + manpage, binary links to libacl and couple other
system libs.

existing installations will not be affected, but openrc users are welcome to
opt-in by running 'emerge --oneshot systemd-tmpfiles'

[0] https://bugs.gentoo.org/751739
[1] https://github.com/systemd/systemd/pull/16061

Attachment: signature.asc
Description: PGP signature

Reply via email to