While doing FHS 3.0 research (I'm finishing FHS.spec update by the way) I found that /run is mounted by rc.sysinit with insecure permissions (default for tmpfs, but not appropriate for this directory):
3.15. /run : Run-time variable data [...] Programs may have a subdirectory of /run; this is encouraged for programs that use more than one run-time file. Users may also have a subdirectory of /run, although care must be taken to appropriately limit access rights to prevent unauthorized use of /run itself and other subdirectories. ^[17] [...] ^[17] /run should not be writable for unprivileged users; it is a major security problem if any user can write in this directory. User-specific subdirectories should be writable only by each directory's owner. So rc.sysinit needs fix to use mode=755 for /run. -- Jakub Bogusz http://qboosh.pl/ _______________________________________________ pld-devel-en mailing list [email protected] http://lists.pld-linux.org/mailman/listinfo/pld-devel-en
