On 2020-12-03 19:40-0600 Dale <rdalek1...@gmail.com> wrote:

> Howdy,
>
> I've mentioned I follow -dev to see what is coming around the corner.
> There is a thread on there about switching tmpfiles packages for
> security reasons. I currently have sys-apps/opentmpfiles installed.
> I guess that is the default for openrc. Someone mentioned
> systemd-tmpfiles as an alternative that doesn't have the same security
> problems. My question is, is this big enough a problem to switch or
> is it safe enough for us to use the same we have been? It sounds
> like a rather rare problem. Maybe even only during boot up. I'm not
> 100% sure what it does or anything really. I guess that's why I
> can't make sense of switching or not since I'm not sure what the
> package does or how serious the security problem is.

From what I could gather, opentmpfiles is only vulnerable when an attacker is able to put a config file into /etc/tmpfiles.d/, so they have to be already root. Nevertheless I switched to systemd-tmpfiles and it just works and doesn't pull any other systemd-stuff in. I don't think it really matters which one you use.

Kind regards, tastytea

--
Get my PGP key with `gpg --locate-keys tasty...@tastytea.de` or at <https://tastytea.de/tastytea.asc>.