* [gentoo-user] Switching default tmpfiles and faster internet coming my way.
From: Dale @ 2020-12-04 1:40 UTC
To: gentoo-user
Howdy,
I've mentioned I follow -dev to see what is coming around the corner.
There is a thread on there about switching tmpfiles packages for
security reasons. I currently have sys-apps/opentmpfiles installed. I
guess that is the default for openrc. Someone mentioned
systemd-tmpfiles as an alternative that doesn't have the same security
problems. My question is, is this big enough a problem to switch or is
it safe enough for us to use the same we have been? It sounds like a
rather rare problem. Maybe even only during boot up. I'm not 100% sure
what it does or anything really. I guess that's why I can't make sense
of switching or not since I'm not sure what the package does or how
serious the security problem is.
Also, our local power company is about to start rolling out internet
service. It's done with fiber and the slowest package, 200MBs/sec, is
over 100 times faster than my current DSL. It only costs $4.00 a month
more than what I'm paying now. Their fastest package is 1GBs/sec.
Dang, I can't even imagine that sort of speed. Another good thing, same
speed BOTH ways. I can upload videos just as fast as I can download
one. Yeppie!!
My only thing now, I hope it works like DSL/cable/etc and just requires
me to plug in an ethernet cable. In other words, OS doesn't matter. I
suspect it does but we will see.
Any thoughts on tmpfiles? What are others doing? Switching? Nothing?
Thanks.
Dale
:-) :-)
^ permalink raw reply [flat|nested] 35+ messages in thread
* Re: [gentoo-user] Switching default tmpfiles and faster internet coming my way.
From: Kusoneko @ 2020-12-04 2:06 UTC
To: gentoo-user
On December 4, 2020 1:40:57 AM UTC, Dale <rdalek1967@gmail.com> wrote:
>Howdy,
>
>I've mentioned I follow -dev to see what is coming around the corner.
>There is a thread on there about switching tmpfiles packages for
>security reasons. I currently have sys-apps/opentmpfiles installed. I
>guess that is the default for openrc. Someone mentioned
>systemd-tmpfiles as an alternative that doesn't have the same security
>problems. My question is, is this big enough a problem to switch or is
>it safe enough for us to use the same we have been? It sounds like a
>rather rare problem. Maybe even only during boot up. I'm not 100%
>sure
>what it does or anything really. I guess that's why I can't make sense
>of switching or not since I'm not sure what the package does or how
>serious the security problem is.
This is the first I've heard of this but I'm definitely not switching to systemd-anything, even if that's the only alternative.
>Also, our local power company is about to start rolling out internet
>service. It's done with fiber and the slowest package, 200MBs/sec, is
>over 100 times faster than my current DSL. It only costs $4.00 a month
>more than what I'm paying now. Their fastest package is 1GBs/sec.
>Dang, I can't even imagine that sort of speed. Another good thing,
>same
>speed BOTH ways. I can upload videos just as fast as I can download
>one. Yeppie!!
Good for you!
>My only thing now, I hope it works like DSL/cable/etc and just requires
>me to plug in an ethernet cable. In other words, OS doesn't matter. I
>suspect it does but we will see.
Highly doubt OS matters at all for ISPs. Internet service is standardized you could say, at least at the end points where a device connects to a home network or to the ISP, so there's no reason why a Linux-based OS wouldn't be able to connect.
>Any thoughts on tmpfiles? What are others doing? Switching? Nothing?
Waiting for more info + whether a fix will come and if not what the alternatives are, and if the only alternative is systemd then I'll wait still for something that isn't systemd.
Kusoneko.
* Re: [gentoo-user] Switching default tmpfiles and faster internet coming my way.
From: Michael Orlitzky @ 2020-12-04 2:18 UTC
To: gentoo-user
On 12/3/20 8:40 PM, Dale wrote:
> Howdy,
>
> I've mentioned I follow -dev to see what is coming around the corner.
> There is a thread on there about switching tmpfiles packages for
> security reasons. I currently have sys-apps/opentmpfiles installed. I
> guess that is the default for openrc. Someone mentioned
> systemd-tmpfiles as an alternative that doesn't have the same security
> problems.
There's a full explanation here:
http://michael.orlitzky.com/cves/cve-2017-18925.xhtml
I'm a champion systemd hater, but you should switch to systemd-tmpfiles.
There's no downside other than the name.
* Re: [gentoo-user] Switching default tmpfiles and faster internet coming my way.
From: Michael Orlitzky @ 2020-12-04 2:22 UTC
To: gentoo-user
On 12/3/20 9:18 PM, Michael Orlitzky wrote:
>
> There's a full explanation here:
>
> http://michael.orlitzky.com/cves/cve-2017-18925.xhtml
>
Just kidding, there were actually two:
http://michael.orlitzky.com/cves/cve-2017-18188.xhtml
* Re: [gentoo-user] Switching default tmpfiles and faster internet coming my way.
From: Dale @ 2020-12-04 6:44 UTC
To: gentoo-user
Michael Orlitzky wrote:
> On 12/3/20 8:40 PM, Dale wrote:
>> Howdy,
>>
>> I've mentioned I follow -dev to see what is coming around the corner.
>> There is a thread on there about switching tmpfiles packages for
>> security reasons. I currently have sys-apps/opentmpfiles installed. I
>> guess that is the default for openrc. Someone mentioned
>> systemd-tmpfiles as an alternative that doesn't have the same security
>> problems.
>
> There's a full explanation here:
>
> http://michael.orlitzky.com/cves/cve-2017-18925.xhtml
>
> I'm a champion systemd hater, but you should switch to
> systemd-tmpfiles. There's no downside other than the name.
>
>
Will opentmpfiles be fixed at some point or is it true that it can't be
fixed? On -dev, I think I read where one person said it can't be
fixed. In that case, switching is likely a good idea since the insecure
package can't be fixed.
At the bottom of one of the links, it had this.
Mitigation
On Linux, the fs.protected_hardlinks sysctl should be enabled:
root # sysctl --write fs.protected_hardlinks=1
So, I first figured out how to see what mine was set at. Little man
page digging later and got this.
root@fireball / # sysctl -n fs.protected_hardlinks
1
root@fireball / #
Does that improve things any or does that not really help anything?
While at it, I tend to do updates/switches in Konsole, while logged into
KDE. Is this deep enough a package it should be done in a console and
in the boot runlevel or safe to do like anything else? I read somewhere
that while this works on systemd, I don't think it is maintained by the
systemd folks. Can't recall where I read that tho.
I still don't quite get what the package does. I read the links but
it's still murky.
Thanks for the info. Could be this helps others as well.
Dale
:-) :-)
* Re: [gentoo-user] Switching default tmpfiles and faster internet coming my way.
From: Dale @ 2020-12-04 7:44 UTC
To: gentoo-user
Kusoneko wrote:
> On December 4, 2020 1:40:57 AM UTC, Dale <rdalek1967@gmail.com> wrote:
>
> Highly doubt OS matters at all for ISPs. Internet service is standardized you could say, at least at the end points where a device connects to a home network or to the ISP, so there's no reason why a Linux-based OS wouldn't be able to connect.
>
>> Any thoughts on tmpfiles? What are others doing? Switching? Nothing?
> Waiting for more info + whether a fix will come and if not what the alternatives are, and if the only alternative is systemd then I'll wait still for something that isn't systemd.
>
> Kusoneko.
>
That's my thinking too. I think most all of them are OS neutral. They
just have a web page to manage them and that's it. I'm getting giddy
about that sort of speed coming here tho. Not long ago, you had to be
in town close to a provider and pay an arm and a leg to get that sort of
speed. Now, a little guy can have it. One that lives out in the sticks
at that. I'm going to see if I can get more info about the box I
connect to. That'll give me something to google for and find info about.
I did think of one thing tho. I got to find a network card that is
faster. The one I have now tops out at 100MBs. It's a old school
type. I'll have to get a fancy 1GB version I guess. Hmmmm, I think my
router is 1GB ready. I may have to recheck that.
Michael is posting more info on this. Even tho the alternative has
systemd in the name, I don't think it is coded by the systemd devs. It
just happens to work with and be tailored around systemd.
Dale
:-) :-)
* Re: [gentoo-user] Switching default tmpfiles and faster internet coming my way.
From: tastytea @ 2020-12-04 8:55 UTC
To: gentoo-user
On 2020-12-03 19:40-0600 Dale <rdalek1967@gmail.com> wrote:
> Howdy,
>
> I've mentioned I follow -dev to see what is coming around the corner.
> There is a thread on there about switching tmpfiles packages for
> security reasons. I currently have sys-apps/opentmpfiles installed.
> I guess that is the default for openrc. Someone mentioned
> systemd-tmpfiles as an alternative that doesn't have the same security
> problems. My question is, is this big enough a problem to switch or
> is it safe enough for us to use the same we have been? It sounds
> like a rather rare problem. Maybe even only during boot up. I'm not
> 100% sure what it does or anything really. I guess that's why I
> can't make sense of switching or not since I'm not sure what the
> package does or how serious the security problem is.
From what I could gather, opentmpfiles is only vulnerable when an
attacker is able to put a config file into /etc/tmpfiles.d/, so they
have to be already root.
Nevertheless I switched to systemd-tmpfiles and it just works and
doesn't pull any other systemd-stuff in.
I don't think it really matters which one you use.
Kind regards, tastytea
--
Get my PGP key with `gpg --locate-keys tastytea@tastytea.de` or at
<https://tastytea.de/tastytea.asc>.
* Re: [gentoo-user] Switching default tmpfiles and faster internet coming my way.
From: antlists @ 2020-12-04 9:09 UTC
To: gentoo-user
On 04/12/2020 01:40, Dale wrote:
> Also, our local power company is about to start rolling out internet
> service. It's done with fiber and the slowest package, 200MBs/sec, is
> over 100 times faster than my current DSL. It only costs $4.00 a month
> more than what I'm paying now. Their fastest package is 1GBs/sec.
> Dang, I can't even imagine that sort of speed. Another good thing, same
> speed BOTH ways. I can upload videos just as fast as I can download
> one. Yeppie!!
>
> My only thing now, I hope it works like DSL/cable/etc and just requires
> me to plug in an ethernet cable. In other words, OS doesn't matter. I
> suspect it does but we will see.
We went to fibre recently. They put a new box on the wall which takes an
RJ-45 instead of the previous situation where ADSL took an RJ-11.
All the blurb says "works with BT Hub 6", which we already had, so I
didn't bother getting a new router (you had to pay for the "latest and
greatest" Hub 7).
When the guy installed it - "where's your new router, it won't work with
this one". No apparently you can't just plug it into any old network
port, the router needs a dedicated WAN link and the Hub 6 came in two
versions, one with an ADSL modem and one with a fibre uplink.
So it sounds like you need to swap your ADSL router for a cable router
or whatever it is, but apart from that you'll be fine.
(And then some sales guy working on behalf of BT knocked on the door,
was surprised to find we were already BT customers, and rigged up some
deal that (a) threw in a Hub-7 free, (b) changed our calling plan to
remove the one-hour limit and add free calls to mobiles, and (c) knocked
about £2 off our monthly bill!!!)
Cheers,
Wol
* Re: [gentoo-user] Switching default tmpfiles and faster internet coming my way.
From: Dale @ 2020-12-04 10:06 UTC
To: gentoo-user
antlists wrote:
> On 04/12/2020 01:40, Dale wrote:
>> Also, our local power company is about to start rolling out internet
>> service. It's done with fiber and the slowest package, 200MBs/sec, is
>> over 100 times faster than my current DSL. It only costs $4.00 a month
>> more than what I'm paying now. Their fastest package is 1GBs/sec.
>> Dang, I can't even imagine that sort of speed. Another good thing, same
>> speed BOTH ways. I can upload videos just as fast as I can download
>> one. Yeppie!!
>>
>> My only thing now, I hope it works like DSL/cable/etc and just requires
>> me to plug in an ethernet cable. In other words, OS doesn't matter. I
>> suspect it does but we will see.
>
> We went to fibre recently. They put a new box on the wall which takes
> an RJ-45 instead of the previous situation where ADSL took an RJ-11.
>
> All the blurb says "works with BT Hub 6", which we already had, so I
> didn't bother getting a new router (you had to pay for the "latest and
> greatest" Hub 7).
>
> When the guy installed it - "where's your new router, it won't work
> with this one". No apparently you can't just plug it into any old
> network port, the router needs a dedicated WAN link and the Hub 6 came
> in two versions, one with an ADSL modem and one with a fibre uplink.
>
> So it sounds like you need to swap your ADSL router for a cable router
> or whatever it is, but apart from that you'll be fine.
>
> (And then some sales guy working on behalf of BT knocked on the door,
> was surprised to find we were already BT customers, and rigged up some
> deal that (a) threw in a Hub-7 free, (b) changed our calling plan to
> remove the one-hour limit and add free calls to mobiles, and (c)
> knocked about £2 off our monthly bill!!!)
>
> Cheers,
> Wol
>
>
I knew the modem or internet connection box would be different. They
generally are unless we go back to dial-up days. A friend of mine has a
similar service but with a different power company. I suspect tho they
will use the exact same box since the service is the same. If I can, I
may look at hers. She has two boxes. Pretty sure one is modem and
other is a router of some sort, likely with wi-fi as well. She said she
watches HD video on her laptop and TV without it ever pausing to cache
or anything. She pulled up a video on youtube that was HD and it
started playing as soon as she clicked on it and the little line at the
bottom that shows the cache and video time location filled up really
fast. I suspect you could set it to play at 10X and it would still load it
faster than it can play. It is seriously fast.
Given the speed, I have no complaints on the price. I won't notice the
extra $4.00 a month. I'll notice the speed increase tho.
I can't wait until it gets here. It will be a bit but it's on the way.
Dale
:-) :-)
* Re: [gentoo-user] Switching default tmpfiles and faster internet coming my way.
From: Michael @ 2020-12-04 10:24 UTC
To: gentoo-user
On Friday, 4 December 2020 09:09:36 GMT antlists wrote:
> On 04/12/2020 01:40, Dale wrote:
> > Also, our local power company is about to start rolling out internet
> > service. It's done with fiber and the slowest package, 200MBs/sec, is
> > over 100 times faster than my current DSL. It only costs $4.00 a month
> > more than what I'm paying now. Their fastest package is 1GBs/sec.
> > Dang, I can't even imagine that sort of speed. Another good thing, same
> > speed BOTH ways. I can upload videos just as fast as I can download
> > one. Yeppie!!
> >
> > My only thing now, I hope it works like DSL/cable/etc and just requires
> > me to plug in an ethernet cable. In other words, OS doesn't matter. I
> > suspect it does but we will see.
>
> We went to fibre recently. They put a new box on the wall which takes an
> RJ-45 instead of the previous situation where ADSL took an RJ-11.
>
> All the blurb says "works with BT Hub 6", which we already had, so I
> didn't bother getting a new router (you had to pay for the "latest and
> greatest" Hub 7).
>
> When the guy installed it - "where's your new router, it won't work with
> this one". No apparently you can't just plug it into any old network
> port, the router needs a dedicated WAN link and the Hub 6 came in two
> versions, one with an ADSL modem and one with a fibre uplink.
>
> So it sounds like you need to swap your ADSL router for a cable router
> or whatever it is, but apart from that you'll be fine.
>
> (And then some sales guy working on behalf of BT knocked on the door,
> was surprised to find we were already BT customers, and rigged up some
> deal that (a) threw in a Hub-7 free, (b) changed our calling plan to
> remove the one-hour limit and add free calls to mobiles, and (c) knocked
> about £2 off our monthly bill!!!)
>
> Cheers,
> Wol
The full fibre to the premises (FTTP) connection requires a different port and
modem to the ADSL broadband.
The basic functionality of an (A)DSL broadband modem is to convert electrical
signals coming down the copper telephone wire to ethernet frames. The basic
functionality of a fibre modem is to convert the optical signals arriving
through the fibre cable to ethernet frames.
In the UK, the old copper telephone wires coming into the customer premises
terminated on an RJ11 connector, which was plugged into the corresponding RJ11
socket of the ADSL modem, or into the more frequently provided by the ISP
modem+router+WiFi combo box.
With fibre the modem, now called an Optical Network Terminal (ONT), no longer
has an RJ11 port. Instead it has an optical port to receive the fibre cable
coming into the premises. The ONT also has an RJ45 ethernet port for the LAN
side - where you connect the router's WAN port with an ethernet cable. It
also has a telephone port for VoIP and a power connection. It may also have a
UPS connection to provide power to keep the phone working when the mains power
supply suffers an outage - some ONT boxes have an internal battery for this
purpose.
It follows that an old ADSL router combo box with an RJ11 WAN port is no good
for fibre - although it can be used as a dumb switch or a WiFi Access Point in
your LAN. Instead a router with an RJ45 ethernet WAN port is required. More
expensive routers/switches come with SFP transceiver ports, in which you can
plug either optical or ethernet cables.
Prices for fibre are more expensive depending on the ISP and a new contract is
required. Initial discounts are meant to entice earlier migration to fibre,
but prices will increase by 30% or more after the discount period expires. If
you want to stay at the same speed as ADSL or use fibre for telephone only,
then the price could be the same as the old copper connection, but again it
depends on the ISP.
* Re: [gentoo-user] Switching default tmpfiles and faster internet coming my way.
From: Michael @ 2020-12-04 10:47 UTC
To: gentoo-user
On Friday, 4 December 2020 02:18:49 GMT Michael Orlitzky wrote:
> On 12/3/20 8:40 PM, Dale wrote:
> > Howdy,
> >
> > I've mentioned I follow -dev to see what is coming around the corner.
> > There is a thread on there about switching tmpfiles packages for
> > security reasons. I currently have sys-apps/opentmpfiles installed. I
> > guess that is the default for openrc. Someone mentioned
> > systemd-tmpfiles as an alternative that doesn't have the same security
> > problems.
>
> There's a full explanation here:
>
> http://michael.orlitzky.com/cves/cve-2017-18925.xhtml
>
> I'm a champion systemd hater, but you should switch to systemd-tmpfiles.
> There's no downside other than the name.
If sys-apps/opentmpfiles is installed on openrc profiles, will this be
deprecated and replaced with sys-apps/systemd-tmpfiles, or is this something
we should do manually ourselves?
* Re: [gentoo-user] Switching default tmpfiles and faster internet coming my way.
From: Michael Orlitzky @ 2020-12-04 14:07 UTC
To: gentoo-user
On 12/4/20 3:55 AM, tastytea wrote:
>
> From what I could gather, opentmpfiles is only vulnerable when an
> attacker is able to put a config file into /etc/tmpfiles.d/, so they
> have to be already root.
The exploit does require an entry in /etc/tmpfiles.d, but many packages
install perfectly innocent files there that happen to be exploitable
because opentmpfiles handles them insecurely.
* Re: [gentoo-user] Switching default tmpfiles and faster internet coming my way.
From: Michael Orlitzky @ 2020-12-04 14:07 UTC
To: gentoo-user
On 12/4/20 5:47 AM, Michael wrote:
>
> If sys-apps/opentmpfiles is installed on openrc profiles, will this be
> deprecated and replaced with sys-apps/systemd-tmpfiles, or is this something
> we should do manually ourselves?
>
Only the default is being changed for now, so you should swap them yourself.
* Re: [gentoo-user] Switching default tmpfiles and faster internet coming my way.
From: Michael Orlitzky @ 2020-12-04 14:23 UTC
To: gentoo-user, Dale
On 12/4/20 1:44 AM, Dale wrote:
>
> Will opentmpfiles be fixed at some point or is it true that it can't be
> fixed? On -dev, I think I read where one person said it can't be
> fixed. In that case, switching is likely a good idea since the insecure
> package can't be fixed.
>
The answer is a bit complicated. The first thing we need to understand is
that opentmpfiles is supposed to be a cross-platform (i.e. POSIX)
implementation of the systemd-tmpfiles program. Systemd itself only runs
on newer versions of linux, and since it has control of the entire
system, it can enable those non-standard symlink and hardlink
protections. So,
* systemd-tmpfiles is secure, but only on linux, and only if you let
it enable fs.protected_hardlinks for you.
The security there comes from two places. The first is that everything
was implemented carefully in C to avoid these problems, and the second
is that fs.protected_hardlinks solves the otherwise-unavoidable hardlink
exploits.
Now for contrast, opentmpfiles is INsecure for two reasons:
(1) It's written in shell script, so it doesn't have the ability to
pass e.g. O_NOFOLLOW to all of the calls that might follow
symlinks. And shell programs all operate on path names as opposed
to file descriptors, so race conditions are impossible to avoid.
(2) The fs.protected_hardlinks sysctl is not cross-platform, so if
it's to fulfill its stated design goals, opentmpfiles can't rely
on fs.protected_hardlinks.
The first problem is fixable, but the second is not. If opentmpfiles is
rewritten in C, it could be just as secure as systemd-tmpfiles... but
**only on linux with fs.protected_hardlinks enabled**.
It will never be both secure and cross-platform. The design of the whole
tmpfiles.d thing is flawed in that regard.
>
> root@fireball / # sysctl -n fs.protected_hardlinks
> 1
> root@fireball / #
>
>
> Does that improve things any or does that not really help anything?
>
It completely fixes one of the problems (hardlinks), but does nothing
for the other (non-terminal symlinks).
* Re: [gentoo-user] Switching default tmpfiles and faster internet coming my way.
From: Dale @ 2020-12-04 17:02 UTC
To: Gentoo User
Michael Orlitzky wrote:
> On 12/4/20 1:44 AM, Dale wrote:
>>
>> Will opentmpfiles be fixed at some point or is it true that it can't be
>> fixed? On -dev, I think I read where one person said it can't be
>> fixed. In that case, switching is likely a good idea since the insecure
>> package can't be fixed.
>>
>
> The answer is a bit complicated. The first thing we need to understand is
> that opentmpfiles is supposed to be a cross-platform (i.e. POSIX)
> implementation of the systemd-tmpfiles program. Systemd itself only
> runs on newer versions of linux, and since it has control of the
> entire system, it can enable those non-standard symlink and hardlink
> protections. So,
>
> * systemd-tmpfiles is secure, but only on linux, and only if you let
> it enable fs.protected_hardlinks for you.
>
> The security there comes from two places. The first is that everything
> was implemented carefully in C to avoid these problems, and the second
> is that fs.protected_hardlinks solves the otherwise-unavoidable
> hardlink exploits.
>
> Now for contrast, opentmpfiles is INsecure for two reasons:
>
> (1) It's written in shell script, so it doesn't have the ability to
> pass e.g. O_NOFOLLOW to all of the calls that might follow
> symlinks. And shell programs all operate on path names as opposed
> to file descriptors, so race conditions are impossible to avoid.
>
> (2) The fs.protected_hardlinks sysctl is not cross-platform, so if
> it's to fulfill its stated design goals, opentmpfiles can't rely
> on fs.protected_hardlinks.
>
> The first problem is fixable, but the second is not. If opentmpfiles
> is rewritten in C, it could be just as secure as systemd-tmpfiles...
> but **only on linux with fs.protected_hardlinks enabled**.
>
> It will never be both secure and cross-platform. The design of the
> whole tmpfiles.d thing is flawed in that regard.
>
>
So basically, that package would have to start over from scratch to be
fixed. That's not very likely if history means anything.
>>
>> root@fireball / # sysctl -n fs.protected_hardlinks
>> 1
>> root@fireball / #
>>
>>
>> Does that improve things any or does that not really help anything?
>>
>
> It completely fixes one of the problems (hardlinks), but does nothing
> for the other (non-terminal symlinks).
>
>
Sounds like switching is the best path and really, about the only path.
Until something better comes along or the default is redone from
scratch, not switching leaves a door open for a bad guy.
Do you know if the systemd devs manage this or is this package done
outside of them? Since some don't like systemd, myself being one of
them, I'd like to know what group maintains that package.
Thanks much for the info. At least now I have a better understanding of
the issue. It gives me info to decide what is best and I hope it does
the same for others reading this thread.
Dale
:-) :-)
* Re: [gentoo-user] Switching default tmpfiles and faster internet coming my way.
From: Michael Orlitzky @ 2020-12-05 13:43 UTC
To: gentoo-user
On 12/4/20 12:02 PM, Dale wrote:
>
> So basically, that package would have to start over from scratch to be
> fixed. That's not very likely if history means anything.
>
I think the opentmpfiles devs are planning to copy/paste the
systemd-tmpfiles C code into opentmpfiles eventually. That will make it
safe on Linux, obviously, since systemd-tmpfiles is... but will leave
the hardlink problem unsolved on other kernels.
There's no way to make opentmpfiles both cross-platform and safe. It's
possible to do so with OpenRC more generally, but that's a larger
undertaking that I suspect no one is interested in taking under:
1. Give up on tmpfiles entirely
2. Replace "checkpath" in OpenRC with something that drops privileges
3. Rewrite all of the init scripts that rely on tmpfiles
4. Rework any packages that use tmpfiles without an OpenRC service
> Sounds like switching is the best path and really, about the only path.
> Until something better comes along or the default is redone from
> scratch, not switching leaves a door open for a bad guy.
Exactly.
> Do you know if the systemd devs manage this or is this package done
> outside of them? Since some don't like systemd, myself being one of
> them, I'd like to know what group maintains that package.
Lennart "fuck Gentoo" Poettering is still in charge of systemd-tmpfiles,
but there's nothing bad to be said about him in this regard. Compare his
immediate and complete response to these issues,
* https://github.com/systemd/systemd/issues/7736
* https://github.com/systemd/systemd/issues/7986
with the fact that the opentmpfiles bugs have sat there unaddressed for
three years.
* Re: [gentoo-user] Switching default tmpfiles and faster internet coming my way.
2020-12-05 13:43 ` Michael Orlitzky
@ 2020-12-06 6:40 ` Dale
0 siblings, 0 replies; 35+ messages in thread
From: Dale @ 2020-12-06 6:40 UTC (permalink / raw
To: gentoo-user
Michael Orlitzky wrote:
> On 12/4/20 12:02 PM, Dale wrote:
>>
>> So basically, that package would have to start over from scratch to be
>> fixed. That's not very likely if history means anything.
>>
>
> I think the opentmpfiles devs are planning to copy/paste the
> systemd-tmpfiles C code into opentmpfiles eventually. That will make
> it safe on Linux, obviously, since systemd-tmpfiles is... but will
> leave the hardlink problem unsolved on other kernels.
>
> There's no way to make opentmpfiles both cross-platform and safe. It's
> possible to do so with OpenRC more generally, but that's a larger
> undertaking that I suspect no one is interested in taking under:
>
> 1. Give up on tmpfiles entirely
> 2. Replace "checkpath" in OpenRC with something that drops privileges
> 3. Rewrite all of the init scripts that rely on tmpfiles
> 4. Rework any packages that use tmpfiles without an OpenRC service
>
>
>> Sounds like switching is the best path and really, about the only path.
>> Until something better comes along or the default is redone from
>> scratch, not switching leaves a door open for a bad guy.
>
> Exactly.
>
>
>> Do you know if the systemd devs manage this or is this package done
>> outside of them? Since some don't like systemd, myself being one of
>> them, I'd like to know what group maintains that package.
>
> Lennart "fuck Gentoo" Poettering is still in charge of
> systemd-tmpfiles, but there's nothing bad to be said about him in this
> regard. Compare his immediate and complete response to these issues,
>
> * https://github.com/systemd/systemd/issues/7736
> * https://github.com/systemd/systemd/issues/7986
>
> with the fact that the opentmpfiles bugs have sat there unaddressed
> for three years.
>
>
It sounds like both packages will end up being the same. Sort of.
Switching it is.
I read through those links. I admit, a lot of it went over my head but
I did get a somewhat better understanding of how it is insecure. It
seems to me like it would be a difficult thing to accomplish but if one
does, it could get bad.
Thanks much for all the info. It helped me and I hope it helped others
as well.
Dale
:-) :-)
* [gentoo-user] Re: Switching default tmpfiles and faster internet coming my way.
2020-12-04 1:40 [gentoo-user] Switching default tmpfiles and faster internet coming my way Dale
` (3 preceding siblings ...)
2020-12-04 9:09 ` antlists
@ 2020-12-06 7:55 ` Martin Vaeth
2020-12-06 10:45 ` Michael
` (2 more replies)
4 siblings, 3 replies; 35+ messages in thread
From: Martin Vaeth @ 2020-12-06 7:55 UTC (permalink / raw
To: gentoo-user
Dale <rdalek1967@gmail.com> wrote:
>
> It sounds like a rather rare problem. Maybe even only during boot up.
It is a non-existent problem on openrc if you clean /tmp and /var/tmp
on boot (which you should do if you use opentmp):
The purpose of opentmpfiles is to fill these directories with
certain data during boot, and when run only during boot
(as it is supposed to be) there is nothing wrong with it.
The situation is different for systemd which runs tmpfiles
periodically to clean up data from /tmp and /var/tmp
(something which should arguably be done by a dedicated tool
instead of putting two different functionalities into the same
tool - the usual systemd misconception of trying to be monolithic).
There is a certain danger if you install a new package whose
ebuild processes on installation a certain tmpfiles.conf
which writes into one of the world-writable directories /tmp or
/var/tmp: Such an ebuild does an inherently unsafe thing during
installation (but it doesn't matter whether it does this using
opentmpfiles or by calling the shell commands manually), and I
would not hesitate to file a bug against such an ebuild.
* Re: [gentoo-user] Re: Switching default tmpfiles and faster internet coming my way.
2020-12-06 7:55 ` [gentoo-user] " Martin Vaeth
@ 2020-12-06 10:45 ` Michael
2020-12-06 12:37 ` Neil Bothwick
2020-12-06 16:25 ` Martin Vaeth
2020-12-06 12:55 ` antlists
2020-12-06 13:29 ` Michael Orlitzky
2 siblings, 2 replies; 35+ messages in thread
From: Michael @ 2020-12-06 10:45 UTC (permalink / raw
To: gentoo-user
On Sunday, 6 December 2020 07:55:29 GMT Martin Vaeth wrote:
> Dale <rdalek1967@gmail.com> wrote:
> > It sounds like a rather rare problem. Maybe even only during boot up.
>
> It is a non-existent problem on openrc if you clean /tmp and /var/tmp
> on boot (which you should do if you use opentmp):
>
> The purpose of opentmpfiles is to fill these directories with
> certain data during boot, and when run only during boot
> (as it is supposed to be) there is nothing wrong with it.
>
> The situation is different for systemd which runs tmpfiles
> periodically to clean up data from /tmp and /var/tmp
> (something which should arguably be done by a dedicated tool
> instead of putting two different functionalities into the same
> tool - the usual systemd misconception of trying to be monolithic).
>
> There is a certain danger if you install a new package whose
> ebuild processes on installation a certain tmpfiles.conf
> which writes into one of the world-writable directories /tmp or
> /var/tmp: Such an ebuild does an inherently unsafe thing during
> installation (but it doesn't matter whether it does this using
> opentmpfiles or by calling the shell commands manually), and I
> would not hesitate to file a bug against such an ebuild.
Given M.Orlitzky's comments and discussions with systemd devs he shared,
what's the optimal solution for OpenRC users, who want to avoid systemd?
Rely on ebuild creators and maintainer checks to guard against these inherent
vulnerabilities? Or install --oneshot systemd-tmpfiles, at least temporarily
until an OpenRC solution is cooked?
* Re: [gentoo-user] Re: Switching default tmpfiles and faster internet coming my way.
2020-12-06 10:45 ` Michael
@ 2020-12-06 12:37 ` Neil Bothwick
2020-12-06 12:53 ` Arve Barsnes
2020-12-06 12:54 ` Rich Freeman
2020-12-06 16:25 ` Martin Vaeth
1 sibling, 2 replies; 35+ messages in thread
From: Neil Bothwick @ 2020-12-06 12:37 UTC (permalink / raw
To: gentoo-user
On Sun, 06 Dec 2020 10:45:38 +0000, Michael wrote:
> Given M.Orlitzky's comments and discussions with systemd devs he
> shared, what's the optimal solution for OpenRC users, who want to avoid
> systemd?
systemd-tmpfiles != systemd. Despite the claims that systemd is
monolithic, it is not. It is an ecosystem comprised of many parts, some
of which can be used without any other systemd components, like
systemd-tmpfiles and systemd-boot, not to mention udev.
Maybe the devs need to rename the systemd-tmpfiles package to satisfy
those that break out in a sweat at the mention of the s-word :)
--
Neil Bothwick
I can't walk on water, but I can stagger on alcohol.
* Re: [gentoo-user] Re: Switching default tmpfiles and faster internet coming my way.
2020-12-06 12:37 ` Neil Bothwick
@ 2020-12-06 12:53 ` Arve Barsnes
2020-12-06 12:54 ` Rich Freeman
1 sibling, 0 replies; 35+ messages in thread
From: Arve Barsnes @ 2020-12-06 12:53 UTC (permalink / raw
To: Gentoo
On Sun, 6 Dec 2020 at 13:37, Neil Bothwick <neil@digimed.co.uk> wrote:
> Despite the claims that systemd is
> monolithic, it is not. It is an ecosystem comprised of many parts, some
> of which can be used without any other systemd components, like
> systemd-tmpfiles and systemd-boot, not to mention udev.
Despite repeated claims that it is not, all evidence points to it
being very much a monolithic code base, with tight coupling between
most of the parts. That you can disable compilation of so many parts
that some of the parts appear as stand-alone after compilation is not
evidence against that.
> Maybe the devs need to rename the systemd-tmpfiles package to satisfy
> those that break out in a sweat at the mention of the s-word :)
Since the compilation of this package consists of downloading a
systemd release, and disabling building of almost everything but this
component, it seems to very much be named correctly as it is.
Regards,
Arve
* Re: [gentoo-user] Re: Switching default tmpfiles and faster internet coming my way.
2020-12-06 12:37 ` Neil Bothwick
2020-12-06 12:53 ` Arve Barsnes
@ 2020-12-06 12:54 ` Rich Freeman
2020-12-06 13:01 ` antlists
1 sibling, 1 reply; 35+ messages in thread
From: Rich Freeman @ 2020-12-06 12:54 UTC (permalink / raw
To: gentoo-user
On Sun, Dec 6, 2020 at 7:37 AM Neil Bothwick <neil@digimed.co.uk> wrote:
>
> Maybe the devs need to rename the systemd-tmpfiles package to satisfy
> those that break out in a sweat at the mention of the s-word :)
Or maybe people who care a great deal about the filenames of stuff
just could rename them as they prefer? :)
And if the part you don't like is what website or tarball the source
is distributed from, well, it is FOSS so you can always just host it
yourself.
opentmpfiles is just a reimplementation of systemd-tmpfiles in bash
with the goal of running on platforms that don't support linux
syscalls (and I guess bash makes everything better cause C became
corrupt the moment Lennart learned how to program in it...).
So, if systemd-tmpfiles does something you don't like, chances are it
is just a matter of time before opentmpfiles does too.
I think the idea of having something more cross-platform is a good
one, though there is nothing really about systemd that isn't "open" -
it is FOSS. It just prioritizes using linux syscalls where they are
useful over implementing things in a way that work on other kernels,
which is more of a design choice than anything else. I mean, it is no
more wrong to use linux-specific syscalls than for the linux
developers to create them in the first place. In some situations the
linux-specific stuff lets things be done that aren't practical with
pure POSIX and safer manipulation of links is apparently one of them.
Really what probably wouldn't hurt is some kind of FOSS
POSIX-extension effort that tries to standardize stuff like this so
that it can be implemented across other kernels in a standard way, at
least for things like this which seem really useful. I suspect that
the systemd folks might be willing to accept cross-platform
improvements if it were practical to do so, and if not you could
always fork it.
--
Rich
* Re: [gentoo-user] Re: Switching default tmpfiles and faster internet coming my way.
2020-12-06 7:55 ` [gentoo-user] " Martin Vaeth
2020-12-06 10:45 ` Michael
@ 2020-12-06 12:55 ` antlists
2020-12-06 17:06 ` Martin Vaeth
2020-12-06 13:29 ` Michael Orlitzky
2 siblings, 1 reply; 35+ messages in thread
From: antlists @ 2020-12-06 12:55 UTC (permalink / raw
To: gentoo-user
On 06/12/2020 07:55, Martin Vaeth wrote:
> Dale<rdalek1967@gmail.com> wrote:
>> It sounds like a rather rare problem. Maybe even only during boot up.
> It is a non-existent problem on openrc if you clean /tmp and /var/tmp
> on boot (which you should do if you use opentmp):
Which breaks a lot of STANDARDS-COMPLIANT software.
/var/tmp is *specified* as "surviving a reboot", so cleaning it on
startup is not merely non-standard, but *forbidden* by the standard -
said standard being the Filesystem Hierarchy Standard ...
For example, editors assume /var/tmp is a safe place to stash their
files so they can recover from a system crash.
(I used to mount /var/tmp as a tmpfs until I found that out ...)
Cheers,
Wol
* Re: [gentoo-user] Re: Switching default tmpfiles and faster internet coming my way.
2020-12-06 12:54 ` Rich Freeman
@ 2020-12-06 13:01 ` antlists
2020-12-06 13:45 ` Michael
0 siblings, 1 reply; 35+ messages in thread
From: antlists @ 2020-12-06 13:01 UTC (permalink / raw
To: gentoo-user
On 06/12/2020 12:54, Rich Freeman wrote:
> I think the idea of having something more cross-platform is a good
> one, though there is nothing really about systemd that isn't "open" -
> it is FOSS. It just prioritizes using linux syscalls where they are
> useful over implementing things in a way that work on other kernels,
> which is more of a design choice than anything else. I mean, it is no
> more wrong to use linux-specific syscalls than for the linux
> developers to create them in the first place.
After all, it's not as if SysVinit is portable ... hint - it ISN'T.
Nobody uses it but linux distros stuck in the past.
Cheers,
Wol
* Re: [gentoo-user] Re: Switching default tmpfiles and faster internet coming my way.
2020-12-06 7:55 ` [gentoo-user] " Martin Vaeth
2020-12-06 10:45 ` Michael
2020-12-06 12:55 ` antlists
@ 2020-12-06 13:29 ` Michael Orlitzky
2020-12-06 16:57 ` Martin Vaeth
2 siblings, 1 reply; 35+ messages in thread
From: Michael Orlitzky @ 2020-12-06 13:29 UTC (permalink / raw
To: gentoo-user
On 12/6/20 2:55 AM, Martin Vaeth wrote:
> Dale <rdalek1967@gmail.com> wrote:
>>
>> It sounds like a rather rare problem. Maybe even only during boot up.
>
> It is a non-existent problem on openrc if you clean /tmp and /var/tmp
> on boot (which you should do if you use opentmp):
>
> The purpose of opentmpfiles is to fill these directories with
> certain data during boot, and when run only during boot
> (as it is supposed to be) there is nothing wrong with it.
>
Why are you focusing on /tmp and /var/tmp? These entries are exploitable
everywhere. To pick a relevant example, app-portage/eix installs the
following:
$ cat /usr/lib/tmpfiles.d/eix.conf
d /var/cache/eix 0775 portage portage -
If that was a 'Z' entry, or if it created another portage:portage
directory beneath /var/cache/eix, then the "portage" user could easily
gain root whenever opentmpfiles is run. That happens not only on
reboots, but also when a package is (re)installed. Again, picking on
eix's ebuild:
pkg_postinst() {
tmpfiles_process eix.conf
...
(The portage user can already gain root, but you get the idea.)
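To make the mechanism in the post above concrete, here is an added example written for this page; it is not code from opentmpfiles, systemd-tmpfiles or the eix ebuild. A `d` entry processed as the shell idiom `mkdir -p PATH; chmod MODE PATH; chown USER:GROUP PATH` follows symlinks, so a user who owns a parent directory (portage owning /var/cache/eix in the example) can swap a component for a symlink before the entry is processed and have root's chmod land elsewhere. The version below resolves the path one component at a time with openat() and O_NOFOLLOW, refuses any symlink or non-directory, and applies the mode with fchmod() on the descriptor it verified. The helper names, the `demo()` layout and its temporary directories are my own; ownership changes are skipped when no uid/gid is given so that the demo runs unprivileged, and `apply_d_entry_naive()` is there only to show the mode landing on the symlink target.

```python
import os
import stat
import tempfile


class UnsafePath(Exception):
    """A path component is a symlink, or the target is not a directory."""


def _open_dir_nofollow(name, dir_fd):
    """openat(dir_fd, name, O_DIRECTORY|O_NOFOLLOW). A symlink fails with
    ELOOP and a non-directory with ENOTDIR; both are refused outright."""
    flags = os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW | os.O_CLOEXEC
    try:
        return os.open(name, flags, dir_fd=dir_fd)
    except OSError as exc:
        raise UnsafePath(f"{name!r}: {exc.strerror}") from exc


def apply_d_entry(path, mode, uid=None, gid=None):
    """Apply a tmpfiles.d 'd' entry (create, chmod, optionally chown) while
    resolving the path one component at a time and never following a
    symlink. Returns the mode actually set on the directory."""
    if not os.path.isabs(path):
        raise ValueError("tmpfiles.d paths are absolute")
    parts = [p for p in path.split("/") if p]
    if not parts:
        raise ValueError("refusing to operate on /")
    fd = _open_dir_nofollow("/", None)
    try:
        for i, part in enumerate(parts):
            if i == len(parts) - 1:
                try:
                    # mkdirat() never follows a symlink; if something already
                    # exists under this name, the O_NOFOLLOW open below decides.
                    os.mkdir(part, mode, dir_fd=fd)
                except FileExistsError:
                    pass
            child = _open_dir_nofollow(part, fd)
            os.close(fd)
            fd = child
        if not stat.S_ISDIR(os.fstat(fd).st_mode):
            raise UnsafePath(f"{path!r} is not a directory")
        # Operate on the descriptor we verified, not on the path string,
        # so nothing can be swapped underneath us between check and use.
        os.fchmod(fd, mode)
        if uid is not None or gid is not None:
            os.fchown(fd, -1 if uid is None else uid, -1 if gid is None else gid)
        return stat.S_IMODE(os.fstat(fd).st_mode)
    finally:
        os.close(fd)


def apply_d_entry_naive(path, mode):
    """The 'mkdir -p; chmod' idiom, for contrast: chmod follows a symlink
    at the final component, so the mode lands on whatever it points to."""
    os.makedirs(path, mode, exist_ok=True)
    os.chmod(path, mode)
    return stat.S_IMODE(os.stat(path).st_mode)


def demo():
    """Build a stand-in for /var/cache/eix in a temp dir (constructed
    layout) and compare the two implementations against symlink swaps."""
    base = os.path.realpath(tempfile.mkdtemp(prefix="tmpfiles-demo-"))
    cache = os.path.join(base, "cache")        # stands in for /var/cache/eix
    os.mkdir(cache)
    victim1 = os.path.join(base, "victim1")    # stand-ins for a root-only dir
    victim2 = os.path.join(base, "victim2")
    os.mkdir(victim1, 0o700)
    os.mkdir(victim2, 0o700)
    # The attacker, who owns 'cache', plants symlinks before the entry runs.
    os.symlink(victim1, os.path.join(cache, "evil1"))
    os.symlink(victim2, os.path.join(cache, "evil2"))
    os.symlink(cache, os.path.join(base, "link"))
    results = {"honest": apply_d_entry(os.path.join(cache, "sub"), 0o775)}
    results["final_symlink_refused"] = _refused(os.path.join(cache, "evil1"))
    results["middle_symlink_refused"] = _refused(os.path.join(base, "link", "sub"))
    results["victim1_mode"] = stat.S_IMODE(os.stat(victim1).st_mode)
    # The naive version follows evil2 and loosens victim2's mode.
    results["naive_result"] = apply_d_entry_naive(os.path.join(cache, "evil2"), 0o775)
    results["victim2_mode"] = stat.S_IMODE(os.stat(victim2).st_mode)
    return results


def _refused(path):
    try:
        apply_d_entry(path, 0o775)
    except UnsafePath:
        return True
    return False
```

Calling `demo()` shows the safe variant creating and chmodding the honest directory, refusing both a symlink at the final component and one in the middle of the path, and leaving the first victim at 0700, while the naive variant relaxes the second victim to 0775. Intermediate components that are themselves owned by an untrusted user are still a judgment call for the entry author; this code only guarantees that it never acts through a link.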
* Re: [gentoo-user] Re: Switching default tmpfiles and faster internet coming my way.
2020-12-06 13:01 ` antlists
@ 2020-12-06 13:45 ` Michael
2020-12-06 15:13 ` Rich Freeman
0 siblings, 1 reply; 35+ messages in thread
From: Michael @ 2020-12-06 13:45 UTC (permalink / raw
To: gentoo-user
On Sunday, 6 December 2020 13:01:40 GMT antlists wrote:
> On 06/12/2020 12:54, Rich Freeman wrote:
> > I think the idea of having something more cross-platform is a good
> > one, though there is nothing really about systemd that isn't "open" -
> > it is FOSS. It just prioritizes using linux syscalls where they are
> > useful over implementing things in a way that work on other kernels,
> > which is more of a design choice than anything else. I mean, it is no
> > more wrong to use linux-specific syscalls than for the linux
> > developers to create them in the first place.
>
> After all, it's not as if SysVinit is portable ... hint - it ISN'T.
> Nobody uses it but linux distros stuck in the past.
>
> Cheers,
> Wol
It's not the naming of files which bothers me in particular and I won't rehash
arguments for and against systemd. I think such arguments have been exhausted
on this list and others many times over. I'm happy to have the choice of
OpenRC and I remain cautious of the insidious Big-Tech takeover of the Linux
ecosystem. The objectives of RHL and Poettering are not necessarily aligned
with mine. For example, as I was installing sys-apps/systemd-tmpfiles I
noticed systemd selecting as default DNS and NTP servers belonging to Google.
Not something I would consciously use on my non cloud-hosted/server-farm
administered laptop.
* Re: [gentoo-user] Re: Switching default tmpfiles and faster internet coming my way.
2020-12-06 13:45 ` Michael
@ 2020-12-06 15:13 ` Rich Freeman
0 siblings, 0 replies; 35+ messages in thread
From: Rich Freeman @ 2020-12-06 15:13 UTC (permalink / raw
To: gentoo-user
On Sun, Dec 6, 2020 at 8:45 AM Michael <confabulate@kintzios.com> wrote:
>
> The objectives of RHL and Poettering are not necessarily aligned
> with mine. For example, as I was installing sys-apps/systemd-tmpfiles I
> noticed systemd selecting as default DNS and NTP servers belonging to Google.
> Not something I would consciously use on my non cloud-hosted/server-farm
> administered laptop.
I think their intent is for distros to tailor such things to their
intended uses. Having a default to fall back to Google DNS/NTP is
probably a good choice for a distro oriented to home-use/etc. I think
resolved still gets configured to use the DHCP-provided DNS server by
default and uses Google as a backup to this.
In any case, the behavior is configurable at build-time so distros
would be expected to adjust it. A google backup probably doesn't make
sense in an environment where you run a central DNS, especially if you
host internal DNS/etc.
The behavior is also runtime-configurable, assuming you know that you
need to adjust it. First you can always just set your own resolv.conf
and glibc does its thing. If you still want to use resolved then you
can also configure its runtime config.
Getting back to your thinking RHL's needs aren't aligned to your own,
you might consider that RHL doesn't actually ship systemd with the
upstream defaults. Assuming CentOS follows them the latest systemd
source rpm I could find from them contains:
-Dntp-servers='0.%{ntpvendor}.pool.ntp.org 1.%{ntpvendor}.pool.ntp.org
2.%{ntpvendor}.pool.ntp.org 3.%{ntpvendor}.pool.ntp.org'
-Ddns-servers=''
So, they're tailoring RHEL for the corporate environment, and they're
not making the systemd upstream follow their own internal needs, even
though they're the ones paying for much of it. They made the upstream
default one that probably would appeal to most community distros.
--
Rich
* [gentoo-user] Re: Switching default tmpfiles and faster internet coming my way.
2020-12-06 10:45 ` Michael
2020-12-06 12:37 ` Neil Bothwick
@ 2020-12-06 16:25 ` Martin Vaeth
1 sibling, 0 replies; 35+ messages in thread
From: Martin Vaeth @ 2020-12-06 16:25 UTC (permalink / raw
To: gentoo-user
Michael <confabulate@kintzios.com> wrote:
>
> Given M.Orlitzky's comments and discussions with systemd devs he shared,
> what's the optimal solution for OpenRC users, who want to avoid systemd?
Simply stay with opentmpfiles.
> Rely on ebuild creators and maintainer checks to guard against these inherent
> vulnerabilities?
Rely on ebuild creators to not write into world-writable
directories during emerge. This should never happen in the
first place.
* [gentoo-user] Re: Switching default tmpfiles and faster internet coming my way.
2020-12-06 13:29 ` Michael Orlitzky
@ 2020-12-06 16:57 ` Martin Vaeth
2020-12-06 21:44 ` Michael Orlitzky
0 siblings, 1 reply; 35+ messages in thread
From: Martin Vaeth @ 2020-12-06 16:57 UTC (permalink / raw
To: gentoo-user
Michael Orlitzky <mjo@gentoo.org> wrote:
>
> Why are you focusing on /tmp and /var/tmp?
Because only world-writable directories are the ones which
can be exploited unless the tmpfiles.conf author does
something malevolent or extremely stupid.
> To pick a relevant example
relevant?
> If that was a 'Z' entry, or if it created another portage:portage
> directory beneath /var/cache/eix
In other words: If the completely harmless example would have
been replaced by an intentionally malevolent one, this could do harm.
With this logic, installing systemd-opentmpfiles is the same
security risk: If its ebuild would just contain the line
chmod -R /*
everybody could easily become root on your system when you install it.
* [gentoo-user] Re: Switching default tmpfiles and faster internet coming my way.
2020-12-06 12:55 ` antlists
@ 2020-12-06 17:06 ` Martin Vaeth
0 siblings, 0 replies; 35+ messages in thread
From: Martin Vaeth @ 2020-12-06 17:06 UTC (permalink / raw
To: gentoo-user
antlists <antlists@youngman.org.uk> wrote:
> On 06/12/2020 07:55, Martin Vaeth wrote:
>> Dale<rdalek1967@gmail.com> wrote:
>>> It sounds like a rather rare problem. Maybe even only during boot up.
>
>> It is a non-existent problem on openrc if you clean /tmp and /var/tmp
>> on boot (which you should do if you use opentmp):
>
> Which breaks a lot of STANDARDS-COMPLIANT software.
Actually, /var/tmp needs not be cleaned at boot to be on the safe side:
grep /var/tmp /usr/lib/tmpfiles.d/*
/usr/lib/tmpfiles.d/portage-ccache.conf:x /var/tmp/ccache
/usr/lib/tmpfiles.d/systemd-tmp.conf:x /var/tmp/systemd-private-%b-*
/usr/lib/tmpfiles.d/systemd-tmp.conf:X /var/tmp/systemd-private-%b-*/tmp
/usr/lib/tmpfiles.d/systemd-tmp.conf:R! /var/tmp/systemd-private-*
/usr/lib/tmpfiles.d/tmp.conf:q /var/tmp 1777 root root 30d
The q entry is irrelevant for the intended usage of opentmpfiles,
and the others cannot be exploited.
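To make the two positions in this exchange checkable on a real system, here is an added example (my own code, not from opentmpfiles, systemd or any ebuild): a small audit of tmpfiles.d lines that flags, as prompts for review rather than as verdicts, the entry properties argued over above: a non-root user or group on an entry (Michael Orlitzky's point), the recursive z/Z types, and entries that set mode or ownership beneath /tmp or /var/tmp (Martin Vaeth's point). The sample is constructed: its first five lines are the eix entry and the grep output quoted in this thread, the last two are hypothetical entries that exist only to be flagged. The criteria are my assumptions, and a flag means "read this entry", not that it is exploitable; the plain `d /var/cache/eix` entry is flagged here although the thread itself calls it harmless as written.

```python
import re
import shlex
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: the first five lines are the eix entry and the grep
# output quoted in this thread; the last two are hypothetical.
SAMPLE_TMPFILES = """\
d /var/cache/eix 0775 portage portage -
x /var/tmp/ccache
x /var/tmp/systemd-private-%b-*
R! /var/tmp/systemd-private-*
q /var/tmp 1777 root root 30d
# hypothetical entries, not from any real package:
Z /var/cache/eix 0775 portage portage -
d /tmp/foo-run 0755 foo foo -
"""

WORLD_WRITABLE = ("/tmp", "/var/tmp")           # assumption: the dirs the thread names
TYPE_RE = re.compile(r"([A-Za-z])([!+\-=~^]*)")  # type letter plus modifier chars


@dataclass
class Entry:
    kind: str          # single type letter, modifiers stripped
    modifiers: str
    path: str
    mode: Optional[str] = None
    user: Optional[str] = None
    group: Optional[str] = None
    age: Optional[str] = None
    argument: Optional[str] = None


def parse_tmpfiles(text: str) -> List[Entry]:
    """Parse tmpfiles.d lines: Type Path Mode User Group Age Argument.
    Missing trailing fields and '-' are both treated as unset."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = shlex.split(line)
        m = TYPE_RE.fullmatch(fields[0]) if fields else None
        if m is None or len(fields) < 2:
            raise ValueError(f"unparseable tmpfiles.d line: {raw!r}")
        fields += [None] * (7 - len(fields))
        vals = [None if f == "-" else f for f in fields[1:7]]
        entries.append(Entry(m.group(1), m.group(2), *vals))
    return entries


def audit(text: str) -> List[Tuple[str, str, List[str]]]:
    """Return (type, path, reasons) for every entry meeting a criterion.
    Reasons are emitted in a fixed order so results are comparable."""
    findings = []
    for e in parse_tmpfiles(text):
        if e.kind in "xX":
            continue  # cleanup exclusions only: they never touch the filesystem
        reasons = []
        if any(v not in (None, "root") for v in (e.user, e.group)):
            reasons.append("nonroot-owner")
        if e.kind in "zZ":
            reasons.append("recursive")
        sets_perms = e.mode is not None or e.user is not None or e.group is not None
        if sets_perms and any(e.path.startswith(r + "/") for r in WORLD_WRITABLE):
            reasons.append("world-writable-parent")
        if reasons:
            findings.append((e.kind, e.path, reasons))
    return findings


if __name__ == "__main__":
    for kind, path, reasons in audit(SAMPLE_TMPFILES):
        print(f"{kind} {path}: {', '.join(reasons)}")
```

On an installed system, concatenate `/usr/lib/tmpfiles.d/*.conf` and `/etc/tmpfiles.d/*.conf` and pass the text to `audit()`; on the sample it reports the eix `d` entry for non-root ownership, the hypothetical `Z` entry as both non-root and recursive, and the hypothetical `/tmp/foo-run` entry as non-root under a world-writable parent, while the `x`, `R!` and root-owned `q` lines produce nothing, which matches the grep reading given in the post above.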
* Re: [gentoo-user] Re: Switching default tmpfiles and faster internet coming my way.
2020-12-06 16:57 ` Martin Vaeth
@ 2020-12-06 21:44 ` Michael Orlitzky
2020-12-07 20:41 ` Martin Vaeth
0 siblings, 1 reply; 35+ messages in thread
From: Michael Orlitzky @ 2020-12-06 21:44 UTC (permalink / raw
To: gentoo-user
On 12/6/20 11:57 AM, Martin Vaeth wrote:
> Michael Orlitzky <mjo@gentoo.org> wrote:
>>
>> Why are you focusing on /tmp and /var/tmp?
>
> Because only world-writable directories are the ones which
> can be exploited unless the tmpfiles.conf author does
> something malevolent or extremely stupid.
>
This is completely untrue, but I'm not about to get into an argument
over something that you can easily check yourself. Caveat emptor.
* Re: [gentoo-user] Switching default tmpfiles and faster internet coming my way.
2020-12-04 9:09 ` antlists
2020-12-04 10:06 ` Dale
2020-12-04 10:24 ` Michael
@ 2020-12-07 4:24 ` Dale
2020-12-07 11:39 ` Wols Lists
2 siblings, 1 reply; 35+ messages in thread
From: Dale @ 2020-12-07 4:24 UTC (permalink / raw
To: gentoo-user
antlists wrote:
> On 04/12/2020 01:40, Dale wrote:
>> Also, our local power company is about to start rolling out internet
>> service. It's done with fiber and the slowest package, 200MBs/sec, is
>> over 100 times faster than my current DSL. It only costs $4.00 a month
>> more than what I'm paying now. Their fastest package is 1GBs/sec.
>> Dang, I can't even imagine that sort of speed. Another good thing, same
>> speed BOTH ways. I can upload videos just as fast as I can download
>> one. Yeppie!!
>>
>> My only thing now, I hope it works like DSL/cable/etc and just requires
>> me to plug in a ethernet cable. In other words, OS doesn't matter. I
>> suspect it does but we will see.
>
> We went to fibre recently. They put a new box on the wall which takes
> an RJ-45 instead of the previous situation where ADSL took an RJ-11.
>
> All the blurb says "works with BT Hub 6", which we already had, so I
> didn't bother getting a new router (you had to pay for the "latest and
> greatest" Hub 7).
>
> When the guy installed it - "where's you new router, it won't work
> with this one". No apparently you can't just plug it into any old
> network port, the router needs a dedicated WAN link and the Hub 6 came
> in two versions, one with an ADSL modem and one with a fibre uplink.
>
> So it sounds like you need to swap your ADSL router for a cable router
> or whatever it is, but apart from that you'll be fine.
>
> (And then some sales guy working on behalf of BT knocked on the door,
> was surprised to find we were already BT customers, and rigged up some
> deal that (a) threw in a Hub-7 free, (b) changed our calling plan to
> remove the one-hour limit and add free calls to mobiles, and (c)
> knocked about £2 off our monthly bill!!!)
>
> Cheers,
> Wol
>
>
I visited with my friend who recently got the same type of internet I'll
be getting. Odds are, the boxes will be the same. She has hers through
a power company and that's what I'm getting, just a different power
company. Anyway, as I suspected, it has a little box which is the
modem. It looks a lot like a old AT&T Westel modem. It's a little bit
smaller but other than that, almost identical. Then there is a bigger
box that is a router. I'm not sure of the brand but I don't think I've
ever seen one like that before. It includes wifi as well as the usual 4
ethernet plugins. My friend only uses wifi. She has a TV, laptop and
cell phone. Me, I'm desktop so I'd have a ethernet plug for mine. Wifi
for my cell phone tho. Oh, printer too. I assume I can use my router.
It has a ethernet cable going from modem to router. Looks pretty simple
to me. If I can use my existing router, don't know why I can't, then it
should be as simple as unplug cable from router, plug into new modem
from power company and surf the internet, at blazingly fast speeds.
Whooooooossssshhh.
I have links to pics I took. One is modem and one is the router.
Anyone recognize the router? Anything special about it?
https://freeimage.host/i/KBNa6b
https://freeimage.host/i/KBNYMu
I hope that site doesn't annoy anyone. I upload there but rarely go
there for anything else. I need to have me a server thingy somewhere I
can upload to and keep things safe. With this new internet, it is
possible. It uploads and downloads at 200MB/sec. First backup may take
a while but after that, it wouldn't be bad. I wouldn't think of doing
that with current DSL tho.
I'm excited to see this coming. This is as good as when I went from
dial-up to DSL.
Dale
:-) :-)
* Re: [gentoo-user] Switching default tmpfiles and faster internet coming my way.
2020-12-07 4:24 ` Dale
@ 2020-12-07 11:39 ` Wols Lists
2020-12-07 20:32 ` Dale
0 siblings, 1 reply; 35+ messages in thread
From: Wols Lists @ 2020-12-07 11:39 UTC (permalink / raw
To: gentoo-user
On 07/12/20 04:24, Dale wrote:
> I visited with my friend who recently got the same type of internet I'll
> be getting. Odds are, the boxes will be the same. She has hers through
> a power company and that's what I'm getting, just a different power
> company. Anyway, as I suspected, it has a little box which is the
> modem. It looks a lot like a old AT&T Westel modem. It's a little bit
> smaller but other than that, almost identical.
Can't comment. If you've already got a cat-5 link from your router to
the internet modem, chances are you're okay.
My two routers looked pretty much identical too - the only difference
was the first had an RJ-11 WAN uplink, the second has an RJ-45. Other
than that they are the exact same model.
Cheers,
Wol
* Re: [gentoo-user] Switching default tmpfiles and faster internet coming my way.
2020-12-07 11:39 ` Wols Lists
@ 2020-12-07 20:32 ` Dale
0 siblings, 0 replies; 35+ messages in thread
From: Dale @ 2020-12-07 20:32 UTC (permalink / raw
To: gentoo-user
Wols Lists wrote:
> On 07/12/20 04:24, Dale wrote:
>> I visited with my friend who recently got the same type of internet I'll
>> be getting. Odds are, the boxes will be the same. She has hers through
>> a power company and that's what I'm getting, just a different power
>> company. Anyway, as I suspected, it has a little box which is the
>> modem. It looks a lot like a old AT&T Westel modem. It's a little bit
>> smaller but other than that, almost identical.
> Can't comment. If you've already got a cat-5 link from your router to
> the internet modem, chances are you're okay.
>
> My two routers looked pretty much identical too - the only difference
> was the first had an RJ-11 WAN uplink, the second has an RJ-45. Other
> than that they are the exact same model.
>
> Cheers,
> Wol
>
>
According to my friend, she's never even had to access the modem or
router. They set everything up for her. I asked her to access the modem
so I could see the modem's web page, she didn't know how to do it. I
plan to do as much of my own as I can.
I'm hoping to use my router since it is already set up and passwords are
already in everything that uses wifi. Plus, I haven't had this modem
very long. I bought some larger ears for it so that my printer and such
will get a signal. I can get a signal about 400 feet down the road with
my cell phone. lol
I'm excited about the faster download speed for sure but I'm also very
happy that I have the same speed going up. I can do some sort of cloud
backup if I want but even better, I can upload videos to video sites
much faster.
Overall, this is better than I imagined several months ago when it was
first being mentioned. Hardware and connections seems simple enough,
fast speeds and a company that is awesome. Price is really good too.
Only $4.00 a month more than what I have now.
Thanks for the info. Now for the waiting part.
Dale
:-) :-)
* [gentoo-user] Re: Switching default tmpfiles and faster internet coming my way.
2020-12-06 21:44 ` Michael Orlitzky
@ 2020-12-07 20:41 ` Martin Vaeth
0 siblings, 0 replies; 35+ messages in thread
From: Martin Vaeth @ 2020-12-07 20:41 UTC (permalink / raw
To: gentoo-user
Michael Orlitzky <mjo@gentoo.org> wrote:
> On 12/6/20 11:57 AM, Martin Vaeth wrote:
>> Michael Orlitzky <mjo@gentoo.org> wrote:
>>>
>>> Why are you focusing on /tmp and /var/tmp?
>> Because only world-writable directories are the ones which
>> can be exploited unless the tmpfiles.conf author does
>> something malevolent or extremely stupid.
>
> This is completely untrue
You are right: It is untrue that even /tmp and /var/tmp are
under danger if the *.conf files are neither malevolent nor
stupid.
On my system there is no such file, and I have quite some
packages installed. I doubt that any gentoo package contains
such a *.conf file which could trigger a problem even on /tmp or
/var/tmp, even if that should not have been deleted on boot.
> but I'm not about to get into an argument over something
> that you can easily check yourself. Caveat emptor.
Such a statement without a proof is called FUD.
If you find a *.conf file in some package or ebuild which
constitutes a problem for proper usage of opentmpfiles,
you should post it.
end of thread, other threads:[~2020-12-07 20:41 UTC | newest]
2020-12-04 1:40 [gentoo-user] Switching default tmpfiles and faster internet coming my way Dale
2020-12-04 2:06 ` Kusoneko
2020-12-04 7:44 ` Dale
2020-12-04 2:18 ` Michael Orlitzky
2020-12-04 2:22 ` Michael Orlitzky
2020-12-04 6:44 ` Dale
2020-12-04 14:23 ` Michael Orlitzky
2020-12-04 17:02 ` Dale
2020-12-05 13:43 ` Michael Orlitzky
2020-12-06 6:40 ` Dale
2020-12-04 10:47 ` Michael
2020-12-04 14:07 ` Michael Orlitzky
2020-12-04 8:55 ` tastytea
2020-12-04 14:07 ` Michael Orlitzky
2020-12-04 9:09 ` antlists
2020-12-04 10:06 ` Dale
2020-12-04 10:24 ` Michael
2020-12-07 4:24 ` Dale
2020-12-07 11:39 ` Wols Lists
2020-12-07 20:32 ` Dale
2020-12-06 7:55 ` [gentoo-user] " Martin Vaeth
2020-12-06 10:45 ` Michael
2020-12-06 12:37 ` Neil Bothwick
2020-12-06 12:53 ` Arve Barsnes
2020-12-06 12:54 ` Rich Freeman
2020-12-06 13:01 ` antlists
2020-12-06 13:45 ` Michael
2020-12-06 15:13 ` Rich Freeman
2020-12-06 16:25 ` Martin Vaeth
2020-12-06 12:55 ` antlists
2020-12-06 17:06 ` Martin Vaeth
2020-12-06 13:29 ` Michael Orlitzky
2020-12-06 16:57 ` Martin Vaeth
2020-12-06 21:44 ` Michael Orlitzky
2020-12-07 20:41 ` Martin Vaeth