Re: Bug#620458: base-files: Please make /var/run world-writable and sticky, like /var/lock and /tmp

Russell Coker russ...@coker.com.au writes: On Wed, 6 Apr 2011, Yaroslav Halchenko deb...@onerussian.com wrote: sorry for a blunt follow-up -- wouldn't making /var/run writable by regular mortals ask for security concerns if an attacker starts pre-creating files/pipes trying to steal the

Processed: Re: Bug#620458: base-files: Please make /var/run world-writable and sticky, like /var/lock and /tmp

Processing commands for cont...@bugs.debian.org: reassign 620458 general Bug #620458 [base-files] base-files: Please make /var/run world-writable and sticky, like /var/lock and /tmp Bug reassigned from package 'base-files' to 'general'. Bug No longer marked as found in versions base-files/6.1.

Bug#620458: base-files: Please make /var/run world-writable and sticky, like /var/lock and /tmp

reassign 620458 general thanks On Fri, 1 Apr 2011, Josh Triplett wrote: Package: base-files Version: 6.1 Severity: wishlist /tmp and /var/lock currently allow writes by anyone, with the sticky bit set to only allow removal by the owner. Please consider doing the same for /var/run. That

Re: Processed: Re: Bug#620458: base-files: Please make /var/run world-writable and sticky, like /var/lock and /tmp

Am 05.04.2011 17:30, schrieb Debian Bug Tracking System: Processing commands for cont...@bugs.debian.org: reassign 620458 general Bug #620458 [base-files] base-files: Please make /var/run world-writable and sticky, like /var/lock and /tmp Bug reassigned from package 'base-files' to

Re: Processed: Re: Bug#620458: base-files: Please make /var/run world-writable and sticky, like /var/lock and /tmp

On Apr 05, Michael Biebl bi...@debian.org wrote: Very bad idea imho, I'm strongly against it. The point of /run is not to create a second /tmp, where everyone can write into. Agreed, I really do not want to consider the security implications of a world-writeable {,/var}/run. Programs which

Bug#620458: base-files: Please make /var/run world-writable and sticky, like /var/lock and /tmp

sorry for a blunt follow-up -- wouldn't making /var/run writable by regular mortals ask for security concerns if an attacker starts pre-creating files/pipes trying to steal the communications of daemons spawned by root or just ruin some data on the system by symlinking against root-owned files?

Re: Processed: Re: Bug#620458: base-files: Please make /var/run world-writable and sticky, like /var/lock and /tmp

Am 05.04.2011 18:29, schrieb Marco d'Itri: On Apr 05, Michael Biebl bi...@debian.org wrote: Very bad idea imho, I'm strongly against it. The point of /run is not to create a second /tmp, where everyone can write into. Agreed, I really do not want to consider the security implications of a

Bug#620458: Processed: Re: Bug#620458: base-files: Please make /var/run world-writable and sticky, like /var/lock and /tmp

On Tue, 05 Apr 2011, Michael Biebl wrote: Am 05.04.2011 17:30, schrieb Debian Bug Tracking System: Processing commands for cont...@bugs.debian.org: reassign 620458 general Bug #620458 [base-files] base-files: Please make /var/run world-writable and sticky, like /var/lock and /tmp

Re: Bug#620458: Processed: Re: Bug#620458: base-files: Please make /var/run world-writable and sticky, like /var/lock and /tmp

Am 05.04.2011 19:03, schrieb Don Armstrong: On Tue, 05 Apr 2011, Michael Biebl wrote: Am 05.04.2011 17:30, schrieb Debian Bug Tracking System: Processing commands for cont...@bugs.debian.org: reassign 620458 general Bug #620458 [base-files] base-files: Please make /var/run world-writable

Re: Bug#620458: base-files: Please make /var/run world-writable and sticky, like /var/lock and /tmp

On Wed, 6 Apr 2011, Yaroslav Halchenko deb...@onerussian.com wrote: sorry for a blunt follow-up -- wouldn't making /var/run writable by regular mortals ask for security concerns if an attacker starts pre-creating files/pipes trying to steal the communications of daemons spawned by root or