Michael Orlitzky <[email protected]> wrote:
>
> Why are you focusing on /tmp and /var/tmp?

Because only world-writable directories are the ones which can be exploited unless the tmpfiles.conf author does something malevolent or extremely stupid.

> To pick a relevant example

relevant?

> If that was a 'Z' entry, or if it created another portage:portage
> directory beneath /var/cache/eix

In other words: If the completely harmless example would have been replaced by an intentionally malevolent one, this could do harm. With this logic, installing systemd-opentmpfiles is the same security risk: If its ebuild would just contain the line

chmod -R /*

everybody could easily become root on your system when you install it.
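The distinction the reply draws (entries under world-writable trees versus entries such as the portage:portage one under /var/cache/eix) can be checked mechanically. The following linter is an added example, not code from this thread or from opentmpfiles; it assumes the standard tmpfiles.d line layout (type, path, mode, user, group, age, argument), treats /tmp and /var/tmp as the world-writable roots, and uses a constructed sample file.

```python
"""Flag tmpfiles.d entries whose target lies under a world-writable tree.

Only those entries can be influenced by an unprivileged local user who
pre-creates files or symlinks there; recursive types (Z, R) are marked
because they act on the whole subtree, not just the named path.
"""
import shlex

# Assumed world-writable (sticky) roots on a typical system.
WORLD_WRITABLE = ("/tmp", "/var/tmp")
# tmpfiles.d types that walk the entire subtree beneath the path.
RECURSIVE = {"Z", "R"}

# Constructed sample tmpfiles.d content; not taken from any real package.
SAMPLE = """\
# comment line
d /var/cache/eix 0755 portage portage -
Z /var/cache/eix - portage portage -
d /tmp/.X11-unix 1777 root root 10d
Z /tmp/build-scratch 0644 portage portage -
R /var/tmp/portage - - - -
"""


def parse(text):
    """Yield (base_type, path) for each non-blank, non-comment line.

    Modifier suffixes on the type field (e.g. 'Z+', 'd!') are dropped so
    that only the single-letter base type is compared.
    """
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = shlex.split(line)
        yield fields[0][0], fields[1]


def under_world_writable(path):
    """True if path is one of the world-writable roots or lies beneath one."""
    return any(path == root or path.startswith(root + "/")
               for root in WORLD_WRITABLE)


def risky_entries(text):
    """Return (type, path, is_recursive) for entries under world-writable trees."""
    return [(t, p, t in RECURSIVE)
            for t, p in parse(text) if under_world_writable(p)]
```

Running `risky_entries(SAMPLE)` leaves the two /var/cache/eix entries unreported and lists the three /tmp and /var/tmp entries, two of them recursive.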

