QA Testscase: Installation with mountpoint inside future $HOME?
Peter Jones
pjones at redhat.com
Mon May 20 17:36:32 UTC 2013
On Mon, May 20, 2013 at 06:42:47PM +0200, Miloslav Trmač wrote:
> On Mon, May 20, 2013 at 5:51 PM, Sandro Mani <manisandro at gmail.com> wrote:
>
> > I've just hit a bug which causes $HOME to be owned by root if a mountpoint
> > is created inside $HOME during install, see [1].
> >
>
> Ouch. Recent libuser versions refuse to do anything about a home directory
> (... which should cause the whole "create user" process to fail) if $HOME
> already exists - and this is necessary for security reasons.
>
> I'd much rather prohibit this case - if you want to set up a mountpoint
> within $HOME, create the user first. It would admittedly be a really ugly
> policy, however I think it's still better than the security risk.
What's the security risk they're worried about, exactly?
--
Peter
More information about the devel
mailing list