Date: Fri, 4 Dec 2020 09:55:00 +0100
From: tastytea
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Switching default tmpfiles and faster internet coming my way.
Message-ID: <20201204095500.7a237277@ventiloplattform.tastytea.de>

On 2020-12-03 19:40-0600 Dale wrote:

> Howdy,
>
> I've mentioned I follow -dev to see what is coming around the corner.
> There is a thread on there about switching tmpfiles packages for
> security reasons. I currently have sys-apps/opentmpfiles installed.
> I guess that is the default for openrc. Someone mentioned
> systemd-tmpfiles as an alternative that doesn't have the same security
> problems. My question is, is this big enough a problem to switch or
> is it safe enough for us to use the same we have been? It sounds
> like a rather rare problem. Maybe even only during boot up. I'm not
> 100% sure what it does or anything really. I guess that's why I
> can't make sense of switching or not since I'm not sure what the
> package does or how serious the security problem is.

From what I could gather, opentmpfiles is only vulnerable when an
attacker is able to put a config file into /etc/tmpfiles.d/, so they
have to be already root.
Nevertheless I switched to systemd-tmpfiles and it just works and
doesn't pull any other systemd-stuff in. I don't think it really
matters which one you use.

Kind regards, tastytea

-- 
Get my PGP key with `gpg --locate-keys tastytea@tastytea.de` or at .