author | Andreas Rammhold <andreas@rammhold.de> | 2020-09-28 19:43:54 +0200 |
---|---|---|
committer | Andreas Rammhold <andreas@rammhold.de> | 2020-09-28 22:55:20 +0200 |
commit | 9630d5c07fbdb264fec79f428b0c65366a356a72 (patch) | |
tree | 90dc6224c922ecf4937b9cd8ff648028adbdef61 /pkgs/development/compilers | |
parent | cd7db06935196264f72d7b4041f22d46dce16ecb (diff) | |
nixos/security/wrapper: ensure the tmpfs is not world writeable
The /run/wrapper directory is a tmpfs. Unfortunately, it's mounted with its root directory having the standard (for tmpfs) mode: 1777 (world writeable, sticky -- the standard mode of shared temporary directories). This means that every user can create new files and subdirectories there, but can't move/delete/rename files that belong to other users.
Diffstat (limited to 'pkgs/development/compilers')
0 files changed, 0 insertions, 0 deletions
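
As an added illustration (not part of this commit or of the project's code), the shell function below audits a directory such as the wrapper tmpfs for the condition the commit message describes: a world-writable root, plus any entries owned by someone other than the expected owner. The function name, the root-owner default and the output format are assumptions; it relies on `find` supporting `-maxdepth` and `-mindepth`.

```shell
#!/bin/sh
# Added example: audit a directory (e.g. the /run/wrapper tmpfs named in the
# commit message) for a world-writable root and for entries that were not
# created by the expected owner.
#
# usage: audit_wrapper_dir DIR [OWNER_UID]
#   prints one finding per line
#   returns 0 = clean, 1 = findings, 2 = DIR is not a directory
audit_wrapper_dir() {
    _awd_dir=$1
    _awd_owner=${2:-0}   # assumption: wrapper files are expected to be root-owned

    if [ ! -d "$_awd_dir" ]; then
        echo "error: $_awd_dir is not a directory"
        return 2
    fi
    _awd_rc=0

    # Other-write bit on the directory itself (set in the tmpfs default 1777):
    # every local user can create files and subdirectories here.
    if [ -n "$(find "$_awd_dir" -maxdepth 0 -perm -0002)" ]; then
        echo "world-writable: $(ls -ld "$_awd_dir")"
        _awd_rc=1
    fi

    # The sticky bit only stops users from removing each other's entries, so
    # anything here that is not owned by the expected uid was added by another
    # user while the directory was writable.
    _awd_foreign=$(find "$_awd_dir" -mindepth 1 ! -uid "$_awd_owner" -print)
    if [ -n "$_awd_foreign" ]; then
        echo "$_awd_foreign" | sed 's/^/foreign-entry: /'
        _awd_rc=1
    fi

    return "$_awd_rc"
}

# Run the audit only when a directory is passed on the command line.
[ "$#" -gt 0 ] && audit_wrapper_dir "$@"
```
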