QA Testscase: Installation with mountpoint inside future $HOME?

Peter Jones pjones at redhat.com
Mon May 20 17:36:32 UTC 2013


On Mon, May 20, 2013 at 06:42:47PM +0200, Miloslav Trma─Ź wrote:
> On Mon, May 20, 2013 at 5:51 PM, Sandro Mani <manisandro at gmail.com> wrote:
> 
> > I've just hit a bug which causes $HOME to be owned by root if a mountpoint
> > is created inside $HOME during install, see [1].
> >
> 
> Ouch.  Recent libuser versions refuse to do anything about a home directory
> (... which should cause the whole "create user" process to fail) if $HOME
> already exists - and this is necessary for security reasons.
> 
> I'd much rather prohibit this case - if you want to set up a mountpoint
> within $HOME, create the user first.  It would admittedly be a really ugly
> policy, however I think it's still better than the security risk.

What's the security risk they're worried about, exactly?

-- 
        Peter


More information about the devel mailing list