[Pkg-systemd-maintainers] Bug#720851: Processed: reassign 720851 to systemd
Bastian Blank
waldi at debian.org
Tue Aug 27 10:36:54 BST 2013
On Mon, Aug 26, 2013 at 11:54:32PM +0200, Michael Stapelberg wrote:
> Debian Bug Tracking System <owner at bugs.debian.org> writes:
> > Bug #720851 [lvm2] systemd - Generators uses predictable file names in /tmp
> Generators are invoked by systemd and argv[1] is always provided,
> i.e. they will never actually write files to /tmp. And even if you call
> the generator manually, nobody will ever read the file from
> /tmp. Therefore, there is no attack vector here.
If there is no reason to call the generators without argument, why is it
supported?
> In case you disagree, please file a bug upstream at lvm — after all,
> they ship the generator in question.
Nope. I meant the generators shipped in the systemd package:
| $ grep arg_dest src/fstab-generator/fstab-generator.c
| static const char *arg_dest = "/tmp";
[...]
| arg_dest = argv[1];
Bastian
--
Beam me up, Scotty!
More information about the Pkg-systemd-maintainers
mailing list