Bug 588650 - sys-apps/openrc interpreter should not permit file operations anywhere except /var/log and /var/run (/run) directories
Status: RESOLVED WONTFIX
Alias: None
Product: Gentoo Hosted Projects
Classification: Unclassified
Component: OpenRC
Hardware: All Linux
Importance: Normal normal
Assignee: OpenRC Team
Reported: 2016-07-12 07:29 UTC by Sergey S. Starikoff
Modified: 2016-07-12 22:59 UTC

Description Sergey S. Starikoff 2016-07-12 07:29:48 UTC
All system files MUST be handled by portage.
Other users and processes may write into their homedirs and have limited access to /var/ and /tmp (for the root user — also /etc and possibly /boot with /lib/modules).

I use an amd64 system (with =sys-apps/openrc-0.19.1).
After some tests with =net-dns/dnscrypt-proxy-1.6.1 I was very displeased to find an empty orphan /syslog (!) file in my system (see bug #588462).
Probably such actions should be filtered by the openrc interpreter (now /sbin/openrc-run). Possibly, direct invocation of base utilities (chmod/chown, mkdir and touch) should also be forbidden.
Comment 1 William Hubbs gentoo-dev 2016-07-12 22:59:35 UTC
This seems a bit beyond the scope of OpenRC itself. However, someone
suggested to me that you might want to consider using apparmor [1], which is
also available in Gentoo.

If you find that this doesn't do what you want, please feel free to
re-open this bug and provide more information on what you are looking
for.

Thanks much.

William

[1] https://apparmor.net
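
As an added illustration of the AppArmor suggestion in comment 1 (not part of the bug thread and not OpenRC or Gentoo project code): a profile that limits a daemon's writes to /var/log and /run, the policy the report asks for. The binary path, the log and PID file names, and the capability and network rules are assumptions to adjust for the real service.

```apparmor
# Assumed file location: /etc/apparmor.d/usr.sbin.dnscrypt-proxy
#include <tunables/global>

# Assumption: the daemon binary is installed at /usr/sbin/dnscrypt-proxy.
profile dnscrypt-proxy /usr/sbin/dnscrypt-proxy {
  #include <abstractions/base>
  #include <abstractions/nameservice>

  # Assumed privileges: bind to port 53, then drop to an unprivileged user.
  capability net_bind_service,
  capability setuid,
  capability setgid,

  # Assumed network use: DNS over UDP and TCP, IPv4 and IPv6.
  network inet dgram,
  network inet stream,
  network inet6 dgram,
  network inet6 stream,

  # The binary itself: read and map only.
  /usr/sbin/dnscrypt-proxy mr,

  # The only writable locations (file names are assumptions).
  /var/log/dnscrypt-proxy.log w,
  /{,var/}run/dnscrypt-proxy.pid rw,

  # In enforce mode, any access not listed above is already refused.
  # This explicit rule additionally writes an audit record whenever the
  # daemon tries to create or write a file directly in /, such as the
  # stray /syslog from the report.
  audit deny /* w,
}
```

Load the profile with `apparmor_parser -r` and start in complain mode (`aa-complain`) to collect the accesses the daemon really needs before switching to `aa-enforce`. The profile confines the daemon binary only; shell commands run by the init script under /sbin/openrc-run are not covered by it.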