On 12/4/20 12:02 PM, Dale wrote:

> So basically, that package would have to start over from scratch to be
> fixed.  That's not very likely if history means anything.


I think the opentmpfiles devs are planning to copy/paste the systemd-tmpfiles C code into opentmpfiles eventually. That will make it safe on Linux, obviously, since systemd-tmpfiles is... but will leave the hardlink problem unsolved on other kernels.

There's no way to make opentmpfiles both cross-platform and safe. It's possible to do so with OpenRC more generally, but that's a larger undertaking that I suspect no one is interested in taking under:

  1. Give up on tmpfiles entirely
  2. Replace "checkpath" in OpenRC with something that drops privileges
  3. Rewrite all of the init scripts that rely on tmpfiles
  4. Rework any packages that use tmpfiles without an OpenRC service


> Sounds like switching is the best path and really, about the only path.
> Until something better comes along or the default is redone from
> scratch, not switching leaves a door open for a bad guy.

Exactly.


> Do you know if the systemd devs manage this or is this package done
> outside of them?  Since some don't like systemd, myself being one of
> them, I'd like to know what group maintains that package.

Lennart "fuck Gentoo" Poettering is still in charge of systemd-tmpfiles, but there's nothing bad to be said about him in this regard. Compare his immediate and complete response to these issues,

  * https://github.com/systemd/systemd/issues/7736
  * https://github.com/systemd/systemd/issues/7986

with the fact that the opentmpfiles bugs have sat there unaddressed for three years.
