nixos/security/wrapper: ensure the tmpfs is not world writeable - nixlib

diff options

author	Andreas Rammhold <andreas@rammhold.de>	2020-09-28 19:43:54 +0200
committer	Andreas Rammhold <andreas@rammhold.de>	2020-09-28 22:55:20 +0200
commit	9630d5c07fbdb264fec79f428b0c65366a356a72 (patch)
tree	90dc6224c922ecf4937b9cd8ff648028adbdef61 /pkgs/development/compilers
parent	cd7db06935196264f72d7b4041f22d46dce16ecb (diff)
download	nixlib-9630d5c07fbdb264fec79f428b0c65366a356a72.tar nixlib-9630d5c07fbdb264fec79f428b0c65366a356a72.tar.gz nixlib-9630d5c07fbdb264fec79f428b0c65366a356a72.tar.bz2 nixlib-9630d5c07fbdb264fec79f428b0c65366a356a72.tar.lz nixlib-9630d5c07fbdb264fec79f428b0c65366a356a72.tar.xz nixlib-9630d5c07fbdb264fec79f428b0c65366a356a72.tar.zst nixlib-9630d5c07fbdb264fec79f428b0c65366a356a72.zip

nixos/security/wrapper: ensure the tmpfs is not world writeable

The /run/wrapper directory is a tmpfs. Unfortunately, it's mounted with
its root directory has the standard (for tmpfs) mode: 1777 (world writeable,
sticky -- the standard mode of shared temporary directories). This means that
every user can create new files and subdirectories there, but can't
move/delete/rename files that belong to other users.

Diffstat (limited to 'pkgs/development/compilers')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: