On 2025-09-26 12:28, Brian Inglis via tz wrote:
On 2025-09-26 11:55, Paul Eggert via tz wrote:
If you do not allow data file paths outside TZDIR, how do we test zones
in the packaged build or staging directories, or custom or patched zones
in our dev directories?
We do that by not using setuid/setgid programs to test out-of-TZDIR data.
The behavior hasn't changed for ordinary programs. What's changed is
that tzcode is now more cautious when in a setuid/setgid program.
Caution does seem warranted for these programs, and it's not like we're
inventing the caution (FreeBSD is similarly cautious).
Is it not better to apply the same untrusting attitude about TZ to all
external data
If we did that, we couldn't use ordinary programs to test non-TZDIR data
files, right?
I never understood why effectively constant data files are installed
with user write privileges
You mean like this file on Fedora 42?
$ ls -l /usr/share/zoneinfo/America/Los_Angeles
-rw-r--r--. 3 root root 2852 Mar 26 2025 /usr/share/zoneinfo/America/Los_Angeles
There would be no security benefit to making the file "-r--r--r--"
instead of "-rw-r--r--", as root can write to readonly files.
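
The distinction drawn in the reply above (ordinary programs unchanged, setuid/setgid programs restricted to data under TZDIR), sketched as an added example; this is not tzcode's own code. The names running_privileged and tz_file_allowed and the exact rule (no absolute names, no ".." components) are assumptions for illustration, and the sample TZ values are constructed.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical helper: nonzero when real and effective IDs differ,
   i.e. the process is running setuid or setgid. */
static int running_privileged(void)
{
    return getuid() != geteuid() || getgid() != getegid();
}

/* Hypothetical policy check: may this TZ value name a data file to load?
   Ordinary programs: any name is accepted, so out-of-TZDIR test data works.
   Privileged programs: only relative names with no ".." component, which
   stay under TZDIR once joined to it (symlinks are not considered here). */
static int tz_file_allowed(const char *tz, int privileged)
{
    if (tz == NULL)
        return 0;
    if (*tz == ':')                 /* optional leading ':' */
        tz++;
    if (*tz == '\0')
        return 0;                   /* nothing to load */
    if (!privileged)
        return 1;
    if (*tz == '/')
        return 0;                   /* absolute name: outside TZDIR */
    for (const char *p = tz; *p != '\0'; ) {
        size_t len = strcspn(p, "/");
        if (len == 2 && p[0] == '.' && p[1] == '.')
            return 0;               /* ".." could climb out of TZDIR */
        p += len;
        while (*p == '/')
            p++;
    }
    return 1;
}

int main(void)
{
    /* Constructed sample values, not taken from the thread. */
    const char *samples[] = { "America/Los_Angeles", "/home/dev/zones/Test",
                              "../staging/America/Los_Angeles" };
    int priv = running_privileged();
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("privileged=%d %-32s -> %s\n", priv, samples[i],
               tz_file_allowed(samples[i], priv) ? "load" : "refuse");
    return 0;
}
```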