From: Michael
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Re: Switching default tmpfiles and faster internet coming my way.
Date: Sun, 06 Dec 2020 10:45:38 +0000
Message-ID: <2179606.ElGaqSPkdT@lenovo.localdomain>

On Sunday, 6 December 2020 07:55:29 GMT Martin Vaeth wrote:
> Dale wrote:
> > It sounds like a rather rare problem. Maybe even only during boot up.
>
> It is a non-existent problem on openrc if you clean /tmp and /var/tmp
> on boot (which you should do if you use opentmp):
>
> The purpose of opentmpfiles is to fill these directories with
> certain data during boot, and when run only during boot
> (as it is supposed to be) there is nothing wrong with it.
>
> The situation is different for systemd which runs tmpfiles
> periodically to clean up data from /tmp and /var/tmp
> (something which should arguably be done by a dedicated tool
> instead of putting two different functionalities into the same
> tool - the usual systemd misconception of trying to be monolithic).
>
> There is a certain danger if you install a new package whose
> ebuild processes on installation a certain tmpfiles.conf
> which writes into one of the world-writable directories /tmp or
> /var/tmp: Such an ebuild does an inherently unsafe thing during
> installation (but it doesn't matter whether it does this using
> opentmpfiles or by calling the shell commands manually), and I
> would not hesitate to file a bug against such an ebuild.

Given M.Orlitzky's comments and discussions with systemd devs he shared, what's
the optimal solution for OpenRC users, who want to avoid systemd?

Rely on ebuild creators and maintainer checks to guard against these inherent
vulnerabilities?

Or install --oneshot systemd-tmpfiles, at least temporarily until an OpenRC
solution is cooked?
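
The following is an added example, not part of the original message and not code from opentmpfiles, systemd or Portage: one way to implement the kind of maintainer check the question mentions, flagging tmpfiles.d entries that create or modify paths below /tmp or /var/tmp. The function names, the choice of flagged line types and the sample fragment are assumptions of this example.

```python
import posixpath

# Directories the thread names as world-writable.
WORLD_WRITABLE = ("/tmp", "/var/tmp")

# Assumption of this example: line types that create, write, copy, link or
# re-own/re-mode a path. Pure cleanup/exclusion types (r, R, x, X) are skipped.
MUTATING_TYPES = frozenset("fFwdDevqQpLcbCzZtTaAhH")
MODIFIERS = "+!-=~^"


def normalise(path):
    """Collapse '..', '.' and duplicate slashes lexically (no filesystem access)."""
    return "/" + posixpath.normpath(path).lstrip("/")


def risky_entries(conf_text):
    """Return (line_no, type, path) for entries acting below /tmp or /var/tmp."""
    findings = []
    for line_no, line in enumerate(conf_text.splitlines(), start=1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(None, 2)  # simplification: quoted paths not handled
        if len(fields) < 2:
            continue
        entry_type = fields[0].rstrip(MODIFIERS)
        if entry_type not in MUTATING_TYPES:
            continue
        path = normalise(fields[1])
        # Only paths strictly below the directory count; /tmp itself does not.
        if any(path.startswith(d + "/") for d in WORLD_WRITABLE):
            findings.append((line_no, fields[0], path))
    return findings


# Constructed sample, not taken from any real package.
SAMPLE_CONF = """\
# example-daemon tmpfiles.d fragment (constructed)
d /run/example 0755 example example -
d /tmp/example-cache 0700 example example -
f+ /var/tmp/../tmp/example.lock 0644 root root -
L /var/tmp/example-link - - - - /etc/example.conf
r /tmp/example-stale
d /var/tmpfoo 0755 root root -
"""

if __name__ == "__main__":
    for line_no, entry_type, path in risky_entries(SAMPLE_CONF):
        print(f"line {line_no}: {entry_type} {path}")
```

The path check is purely lexical, so it does not see a symlinked parent directory or `%`-specifiers that expand to a temporary directory at run time.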