| field | value | date |
|---|---|---|
| author | Jörg Thalheim <joerg@thalheim.io> | 2017-05-10 09:52:11 +0100 |
| committer | Jörg Thalheim <joerg@thalheim.io> | 2017-05-10 18:03:42 +0100 |
| commit | 731917a800aaf7acbd8d20a0c45ac30d35204f32 (patch) | |
| tree | 4be9ac7436b5138bddf4cb10c8ea605b70c31f9e /nixos/modules/services/printing | |
| parent | 98ff062ed4bf7b01ac07b22890694ebf05ec4ef5 (diff) | |
cups: mount private /tmp
Printer drivers and wrappers are often not written with security in mind. While reviewing https://github.com/NixOS/nixpkgs/pull/25654 I found a symlink-race vulnerability within the wrapper code when writing unique files in /tmp. I expect this script to be reused in other models, as well as similar vulnerabilities in the code of other vendors. Therefore I propose to make /tmp of cups.service private, so that only processes with the same privileges are able to access these files.
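The class of bug the commit message refers to, reproduced as an added example; this is constructed code, not the wrapper from the linked pull request or anything from nixpkgs. `vulnerable_write`, `safe_write`, `stage` and the `printer-job.*` file names are hypothetical, and a throwaway directory from `mktemp -d` stands in for the shared `/tmp` so the demo runs in a sandbox.

```shell
#!/bin/sh
# Added example, not code from nixpkgs or from any printer vendor's wrapper:
# a temp-file symlink race of the kind the commit message describes, staged
# in a throwaway directory (tmproot stands in for /tmp), beside the
# mktemp-based pattern that closes it.

# Vulnerable pattern: a "unique" name derived from the PID is guessable, and a
# plain > redirection follows whatever already exists there, symlinks included.
vulnerable_write() {
    tmproot=$1
    payload=$2
    f="$tmproot/printer-job.$$"
    printf '%s\n' "$payload" > "$f"
}

# Hardened pattern: mktemp picks an unguessable name and creates the file with
# O_CREAT|O_EXCL and mode 0600, so a planted symlink is neither hit nor followed.
safe_write() {
    tmproot=$1
    payload=$2
    f=$(mktemp "$tmproot/printer-job.XXXXXX") || return 1
    printf '%s\n' "$payload" > "$f"
}

# Stage the attack: a constructed victim file the attacker may not write, and a
# symlink at the name the wrapper is about to use, planted before it runs.
stage() {
    tmproot=$(mktemp -d) || exit 1
    printf 'original\n' > "$tmproot/victim.conf"
    ln -s "$tmproot/victim.conf" "$tmproot/printer-job.$$"
    echo "$tmproot"
}

# Victim's contents after the vulnerable wrapper ran: the attacker's payload,
# because the redirection followed the symlink into victim.conf.
demo_vulnerable() {
    tmproot=$(stage)
    vulnerable_write "$tmproot" "attacker controlled"
    cat "$tmproot/victim.conf"
    rm -rf "$tmproot"
}

# Same staging against the hardened wrapper: victim.conf is untouched.
demo_safe() {
    tmproot=$(stage)
    safe_write "$tmproot" "attacker controlled"
    cat "$tmproot/victim.conf"
    rm -rf "$tmproot"
}

demo_vulnerable   # prints: attacker controlled
demo_safe         # prints: original
```

PrivateTmp changes who can plant the symlink, not whether the wrapper follows it: with a private `/tmp`, only processes inside the unit's mount namespace share the directory, so an unprivileged local user can no longer pre-create `printer-job.<pid>`. On a running NixOS system `systemctl show -p PrivateTmp cups.service` should report `PrivateTmp=yes` after this change, and the wrapper's files show up on the host under `/tmp/systemd-private-*-cups.service-*/tmp/` instead of directly in `/tmp`.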
Diffstat (limited to 'nixos/modules/services/printing')
-rw-r--r-- | nixos/modules/services/printing/cupsd.nix | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/nixos/modules/services/printing/cupsd.nix b/nixos/modules/services/printing/cupsd.nix index 7ce2ae38fb36..ba9f99e6a8fb 100644 --- a/nixos/modules/services/printing/cupsd.nix +++ b/nixos/modules/services/printing/cupsd.nix @@ -324,6 +324,8 @@ in fi ''} ''; + + serviceConfig.PrivateTmp = true; }; systemd.services.cups-browsed = mkIf avahiEnabled |
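Review bot: `serviceConfig.PrivateTmp = true;` is applied only to cups.service, while the cups-browsed unit in the trailing context (`systemd.services.cups-browsed = mkIf avahiEnabled`) keeps the shared /tmp; if it runs any of the same wrapper code it stays exposed, so either give it the same option or note why it does not need one. Two caveats belong in the commit message or a comment beside the new line: the setting narrows who can reach the wrapper's files but does not remove the race, so the unsafe temp-file creation in the wrapper still needs an O_EXCL/mktemp-style fix, since processes inside the private namespace can still race each other; and PrivateTmp also privatizes /var/tmp and discards the directory when the unit stops, so any filter or backend that hands a /tmp path to a process outside the unit, or expects a file to survive a restart, will break.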