[Pkg-utopia-maintainers] Bug#1021947: dbus-daemon: creates socket file in /tmp readable, writeable for everyone
Jörg-Volker Peetz
jvpeetz at web.de
Mon Oct 17 20:45:19 BST 2022
Package: dbus-daemon
Version: 1.14.4-1
Severity: important
Dear Utopia Maintenance Team,
on my machine with sysv init, starting firefox through an ssh X tunnel
creates a socket file in /tmp, e.g., /tmp/dbus-TisQYrBfOV which is world
readable, writable, executable (o=rwx).
Is this intended? Isn't it a security problem?
The output of 'lsof | grep /tmp/dbus' says dbus-daemon is connected to
the socket.
Regards,
Jörg.
-- System Information:
Debian Release: bookworm/sid
APT prefers testing
APT policy: (600, 'testing'), (500, 'unstable'), (5, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 6.0.2 (SMP w/16 CPU threads; PREEMPT)
Locale: LANG=C.utf8, LC_CTYPE=C.utf8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: sysvinit (via /sbin/init)
Versions of packages dbus-daemon depends on:
ii dbus-bin 1.14.4-1
ii dbus-session-bus-common 1.14.4-1
ii libapparmor1 3.0.7-1
ii libaudit1 1:3.0.7-1.1
ii libc6 2.35-3
ii libcap-ng0 0.8.3-1+b1
ii libdbus-1-3 1.14.4-1
ii libexpat1 2.4.9-1
ii libselinux1 3.4-1+b2
ii libsystemd0 251.6-1
dbus-daemon recommends no packages.
dbus-daemon suggests no packages.
-- no debconf information
More information about the Pkg-utopia-maintainers
mailing list