Insecure /run permissions

Jakub Bogusz qboosh at
Sun Jun 5 21:51:32 CEST 2016

While doing FHS 3.0 research (I'm finishing FHS.spec update by the way)
I found that /run is mounted by rc.sysinit with insecure permissions
(default for tmpfs, but not appropriate for this directory):

3.15. /run : Run-time variable data
   Programs may have a subdirectory of /run; this is encouraged for programs that use more than one
   run-time file. Users may also have a subdirectory of /run, although care must be taken to
   appropriately limit access rights to prevent unauthorized use of /run itself and other
   subdirectories. ^[17]
   ^[17] /run should not be writable for unprivileged users; it is a major security problem if any
   user can write in this directory. User-specific subdirectories should be writable only by each
   directory's owner.

So rc.sysinit needs fix to use mode=755 for /run.

Jakub Bogusz

More information about the pld-devel-en mailing list