d1c4694...
by
João Paulo Rechi Vita <email address hidden>
Revert "[DEB] Bring tmpfiles.d/tmp.conf in line with Debian defaults"
This reverts commit 97461254ad826ac7a36f6ea7e181c8e65cc6a98f.
Debian's policy is to never clean up /var/tmp to keep consistency with
the SysV init system. Flatpak creates temporary files in /var/tmp during
app updates but does not remove them on error, to avoid re-downloading
them on a future update attempt, and expects these files to be
automatically cleaned up by the system eventually, according to the
site's policy. With this policy in place these files are never removed,
wasting the user's storage space.
Revert this commit back to upstream's default policy of cleaning up /tmp
every 10 days and /var/tmp every 30 days.
[DEB] basic/unit-name: do not use strdupa() on a path
The path may have unbounded length, for example through a fuse mount.
CVE-2021-33910: attacker-controlled alloca() leads to crash in systemd and
ultimately a kernel panic. Systemd parses the content of /proc/self/mountinfo
and each mountpoint is passed to mount_setup_unit(), which calls
unit_name_path_escape() underneath. A local attacker who is able to mount a
filesystem with a very long path can crash systemd and the whole system.
The resulting string length is bounded by UNIT_NAME_MAX, which is 256. But we
can't easily check the length after simplification before doing the
simplification, which in turn uses a copy of the string we can write to.
So we can't reject paths that are too long before doing the duplication.
Hence the most obvious solution is to switch back to strdup(), as before
7410616cd9dbbec97cf98d75324da5cda2b2f7a2.
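An added illustration of the pattern described in the commit message above (not systemd's code and not part of any commit): copy the path on the heap, simplify the copy, and only then compare its length against UNIT_NAME_MAX. The function names and the reduced path simplification are hypothetical stand-ins, and returning -ENAMETOOLONG for the overlong case is this example's assumption.

```c
/* Added example, not systemd source. All function names are hypothetical. */
#include <errno.h>
#include <stdlib.h>
#include <string.h>

#define UNIT_NAME_MAX 256 /* bound quoted in the commit message */

/* Stand-in for path simplification: collapse runs of '/' and drop
 * trailing '/'. It writes to its argument, so it needs a private copy. */
static void simplify_in_place(char *p) {
    char *w = p;
    for (const char *r = p; *r; r++) {
        if (*r == '/' && w > p && w[-1] == '/')
            continue;
        *w++ = *r;
    }
    while (w > p + 1 && w[-1] == '/')
        w--;
    *w = '\0';
}

/* Returns 0 and a heap string in *ret, or a negative errno value. */
int path_to_unit_stem(const char *path, char **ret) {
    size_t n;
    char *copy;

    if (!path || !ret)
        return -EINVAL;

    /* Heap copy (what strdup() does). An overlong input can fail cleanly
     * with -ENOMEM; strdupa()/alloca() would instead move the stack
     * pointer by strlen(path) bytes with no way to report failure. */
    n = strlen(path) + 1;
    copy = malloc(n);
    if (!copy)
        return -ENOMEM;
    memcpy(copy, path, n);

    simplify_in_place(copy);

    /* The length is only meaningful after simplification, so the bound
     * is enforced here rather than on the raw input. */
    if (strlen(copy) >= UNIT_NAME_MAX) {
        free(copy);
        return -ENAMETOOLONG;
    }
    *ret = copy;
    return 0;
}
```

A megabyte of consecutive slashes simplifies to "/" and is accepted, which is why the raw input length cannot be used to reject a path before the copy is made.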
c1fdb8d...
by
Lennart Poettering <email address hidden>
[DEB] unit-name: generate a clear error code when converting an overly long fs path to a unit name
[Salvatore Bonaccorso: Backport to 247.3 for context changes in
src/test/test-unit-name.c]