On Mon, Aug 15, 2011 at 04:11:49PM +0100, Roger Leigh wrote:
> Fedora has moved to having /var/lock (now /run/lock) owned by
> root:lock 0775 rather than root:root 01777. This has the advantage
> of making a system directory writable only by root or setgid lock
> programs, rather than the whole world. However, due to the
> potential for privilege escalation¹² it may be desirable to adopt
> what has been done subsequently in Fedora:
>
> /var/lock root:root 0755
> /var/lock/lockdev root:lock 0775
> /var/lock/subsys root:root 0755
>
> This mail is to discuss these issues:
>
> 1) Addition of a "lock" group as a system group
>
> This is a trivial change but requires approval.

Would such a system group need to be statically allocated, or could it
be dynamically allocated? (Generally the latter is better if possible,
of course - I haven't had to add a global static group for years, and I
like it that way - but one might wish to consider things like bind
mounts of /run/lock into chroots, which would no longer be NSS-agnostic.)

> Are there any other downsides we need to consider? One issue is the
> existence of badly broken programs³, which make stupid assumptions
> about lockfiles.

What about programs that need to write lock files which are already
setgid something else? I don't have an example off the top of my head,
but it would surprise me if there were none of these.

-- 
Colin Watson [cjwat...@debian.org]

Archive: http://lists.debian.org/20110815163554.ga3...@riva.dynamic.greenend.org.uk
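An added example, not from either message: a small Python audit of the layout Roger quotes (owner, group and mode per directory) that reports deviations such as the old world-writable 01777 arrangement. The `demo()` sample tree is constructed in a temp directory with ownership rewritten to the current user, since a non-root process cannot chown to root:lock.

```python
import grp, os, pwd, stat, tempfile

# Layout proposed in the thread: only lockdev stays group-writable by "lock";
# the top level and subsys are writable by root alone.
PROPOSED_LAYOUT = {
    ".": ("root", "root", 0o0755),
    "lockdev": ("root", "lock", 0o0775),
    "subsys": ("root", "root", 0o0755),
}

def name_of(num, lookup):
    """Resolve a uid/gid to a name, falling back to the number if unknown."""
    try:
        return lookup(num)
    except KeyError:
        return str(num)

def audit_lock_dirs(root, layout=PROPOSED_LAYOUT):
    """Return (relative path, problem) pairs; an empty list means root matches layout."""
    findings = []
    for rel, (want_owner, want_group, want_mode) in layout.items():
        path = os.path.join(root, rel)
        try:
            st = os.lstat(path)  # lstat: a symlinked entry shows its own 0777 link mode
        except FileNotFoundError:
            findings.append((rel, "missing"))
            continue
        owner = name_of(st.st_uid, lambda u: pwd.getpwuid(u).pw_name)
        group = name_of(st.st_gid, lambda g: grp.getgrgid(g).gr_name)
        mode = stat.S_IMODE(st.st_mode)
        if (owner, group) != (want_owner, want_group):
            findings.append((rel, f"owned by {owner}:{group}, want {want_owner}:{want_group}"))
        if mode != want_mode:
            findings.append((rel, f"mode {mode:04o}, want {want_mode:04o}"))
        if mode & stat.S_IWOTH:
            findings.append((rel, "world-writable (the old 01777 /var/lock style)"))
    return findings

def demo():
    """Constructed sample: an old-style tree (01777 top level) in a temp dir.
    Ownership is rewritten to the current user because a non-root process
    cannot chown to root:lock, so only the mode problems are reported."""
    me = name_of(os.getuid(), lambda u: pwd.getpwuid(u).pw_name)
    mygrp = name_of(os.getgid(), lambda g: grp.getgrgid(g).gr_name)
    layout = {k: (me, mygrp, m) for k, (_, _, m) in PROPOSED_LAYOUT.items()}
    base = tempfile.mkdtemp()
    os.chmod(base, 0o1777)                       # the old world-writable sticky dir
    for sub, mode in (("lockdev", 0o775), ("subsys", 0o755)):
        os.mkdir(os.path.join(base, sub))
        os.chmod(os.path.join(base, sub), mode)  # explicit chmod: mkdir is umask-masked
    return audit_lock_dirs(base, layout)
```

Run `audit_lock_dirs("/run/lock")` on a live system to compare the real directory against the proposed layout.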