[systemd-devel] [PATCH 06/10] tmpfiles: fix permissions of /run/lock and /run/lock/lockdev

Kay Sievers kay at vrfy.org
Wed Jul 16 04:06:37 PDT 2014


On Wed, Jul 16, 2014 at 12:18 PM, Mantas Mikulėnas <grawity at gmail.com> wrote:
> On Wed, Jul 16, 2014 at 1:09 PM, Jon Severinsson <jon at severinsson.net> wrote:
>> -d /run/lock 0755 root root -
>> +d /run/lock 1777 root root -
>
> Won't any user be able to break the system by filling /run, if it has
> world-writable directories? IIRC, this was one of the reasons
> /run/user/* are separate 'tmpfs'es.

Right, we do not want to do that, we have enough bad places where
ordinary users can drop random things.

Only the lockdev group has access here. That this entire locking model
was a really really stupid idea long time ago, it should just go away,
not be opened to everybody.

Kay


More information about the systemd-devel mailing list