no reason feel free to send a patch to fix it. John
On 16/06/2016 09:07, Etienne Champetier wrote: > Hi, > > since this procd commit from 2013 > https://git.lede-project.org/?p=project/procd.git;a=blob;f=early.c;h=063e1a6abcc8ecdf22b9c8c11b2e81cc2460bcea;hb=be950c5e56b86509e1e237931d0ac8203372be82 > > /var/run (also /var/state and /var/lock) is world writable, with no > sticky bit, which means unpriviledge process can delete root files (or > many other attacks). > > Do you remember if there was a reason to make it 0777 ? > I think before procd this was only handled by /etc/init.d/boot and it was 0755 > > On ubuntu 15.10 it's 0755 for /var/run and 1777 for /var/state and /var/lock > see also FHS stating that /run (new /var/run) should not be world writable > http://refspecs.linuxfoundation.org/FHS_3.0/fhs/ch03s15.html#idm236092622080 > > Regards > Etienne > > _______________________________________________ > Lede-dev mailing list > Lede-dev@lists.infradead.org > http://lists.infradead.org/mailman/listinfo/lede-dev > _______________________________________________ Lede-dev mailing list Lede-dev@lists.infradead.org http://lists.infradead.org/mailman/listinfo/lede-dev