On Fri, Feb 26, 2021 at 04:13:56PM +0800, Paul Wise wrote:
> Looking at the code, the only possible use of /tmp in updatedb.plocate
> goes via mkstemp, which is secure even with PrivateTmp=false.
Currently, sure. But code has a habit of changing, and the point of
sandboxing is to be safer even
On Fri, 2021-02-26 at 08:32 +0100, Steinar H. Gunderson wrote:
> Well, what do you think is the right fix? Setting PrivateTmp=false,
Seems like the right fix, or just dropping that as it is the default.
> reducing security
Looking at the code, the only possible use of /tmp in updatedb.plocate
On Fri, Feb 26, 2021 at 09:59:00AM +0800, Paul Wise wrote:
> Well, you change the config, and it is still broken even though you
> changed the config, but you don't notice that, later on you do notice
> that, but you don't understand systemd so you don't know that it could
> have broken that and
On Wed, 2021-02-24 at 11:34 +0100, Steinar H. Gunderson wrote:
> I don't count this as a bug, really. If you change config, you change
> config -- and then you can also change the config of the systemd
> service by adding an override in /etc.
Well, you change the config, and it is still broken
On Wed, Feb 24, 2021 at 08:24:55AM +0800, Paul Wise wrote:
> Package: plocate
> Version: 1.1.4-1
> Severity: important
> File: /lib/systemd/system/plocate-updatedb.service
>
> I have emptied PRUNEPATHS since I want all real files indexed including
> the files in the /tmp directory. The
Package: plocate
Version: 1.1.4-1
Severity: important
File: /lib/systemd/system/plocate-updatedb.service
I have emptied PRUNEPATHS since I want all real files indexed including
the files in the /tmp directory. The PrivateTmp=true setting in the
plocate-updatedb systemd service blocks /tmp from