neutering world-writable directories with checkout --user



TL;DR: Does anyone using `checkout --user-mode` (and
in particular the `bare-user` repository mode) rely on
having directories world-writable?

Hey, so the recent discussion on bare-user permissions
caused me to realize that flatpak had a security issue
with setuid binaries + system helper; more on that in
https://github.com/flatpak/flatpak/pull/837
(That's not quite the subject of this mail, but we'll likely
 do an ostree release soon for it.)

However, digging into the subject of what Unix permissions
are bad, world-writable files also came up.  For the ostree-as-host
case, there's a valid use case in representing the `/tmp` directory.
But for containers, I can't think of a use case.  And further, when
representing an ostree-as-host checkout as a buildroot (i.e.
doing a bare-user checkout of it), I also can't think of a reason
to make any directories world-writable.

However, per the subject of this mail, we're a bit uncertain
about the backwards compatibility here.  It seems possible
that somehow someone is relying on e.g. `/tmp` being world
writable.  Something like doing a checkout as one uid, then
switching uid and running a build there?  Is anyone doing
something like that?  If you are, please say so in:

https://github.com/ostreedev/ostree/pull/914
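As an added example, not code from the thread, from ostree or from the linked pull requests: a small POSIX shell audit that finds the two permission classes discussed above (world-writable entries and setuid/setgid files) in an already checked-out tree, and a "neuter" step that strips the other-writable bit, which is what a checkout that no longer produces world-writable directories would look like on disk. The function names and the constructed sample tree (a 1777 `tmp` directory, a 0666 file, a 4755 file) are assumptions for illustration; it does not invoke `ostree checkout` itself, so it runs on any directory, including a real `bare-user` checkout.

```shell
#!/bin/sh
# Added example (not ostree's code): audit a checked-out tree for the
# permissions the mail calls out, then strip the other-writable bit.
# Uses only POSIX find/chmod (-perm with octal masks), so no GNU-only flags.

# Print every path under $1 that is writable by "other" (o+w).
# Symlinks are excluded: their mode is meaningless and chmod follows them.
list_world_writable() {
    find "$1" -perm -002 ! -type l
}

# Print every regular file under $1 carrying setuid or setgid.
list_setid() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \)
}

# Count world-writable entries under $1 (tr strips BSD wc's padding).
count_world_writable() {
    list_world_writable "$1" | wc -l | tr -d ' '
}

# Strip o+w from every world-writable dir and file under $1.
# A 1777 /tmp becomes 1775: the sticky bit is left alone, only the
# other-writable bit goes away.
neuter_world_writable() {
    find "$1" -perm -002 ! -type l -exec chmod o-w {} +
}

# Build a constructed sample "checkout" in a temp dir and print its path.
# Contents are made up for this example: a 1777 tmp dir (the /tmp case
# from the mail), a 0666 file, a 0755 dir and a 4755 (setuid) file.
make_sample_checkout() {
    dir=$(mktemp -d)
    mkdir "$dir/tmp" "$dir/usr"
    chmod 1777 "$dir/tmp"
    : > "$dir/usr/world.txt"
    chmod 0666 "$dir/usr/world.txt"
    : > "$dir/usr/suidbin"
    chmod 4755 "$dir/usr/suidbin"
    printf '%s\n' "$dir"
}

# Stand-alone usage: audit the sample tree, neuter it, audit again.
root=$(make_sample_checkout)
echo "world-writable before:"; list_world_writable "$root"
echo "setuid/setgid files:";    list_setid "$root"
neuter_world_writable "$root"
echo "world-writable after: $(count_world_writable "$root")"
rm -rf "$root"
```

Point `list_world_writable` at a real `bare-user` checkout to see whether the concern in the mail applies to you: if it prints anything other than a deliberate `tmp`, something in your build relies on those modes. `neuter_world_writable` is deliberately narrow; it does not touch setuid bits, since those are a separate question (the flatpak issue above) and stripping them blindly would break a root filesystem checkout.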


