Mailinglist Archive: opensuse-factory (435 mails)

Re: [opensuse-factory] Proposal: /tmp as tmpfs
  • From: Cristian Rodríguez <crrodriguez@xxxxxxxxxxxx>
  • Date: Fri, 17 Jul 2020 16:29:16 -0400
  • Message-id: <CAPBLoAehWVTfK1+R=AP_DEv_W1U+=xVHQdWVrVvatAtPOdwfOw@mail.gmail.com>
On Fri, Jul 17, 2020 at 10:14 AM Malte Kraus <malte.kraus@xxxxxxxx> wrote:

> On Fri, 2020-07-17 at 09:56 -0400, Cristian Rodríguez wrote:
> > Of course this came to mind.. but I was looking at a system-wide thing
> > that could possibly run at very early boot and maybe raise Cthulhu if
> > something lame like fopen("/tmp/fixednamewithoutdotrandompart", "wb")
> > is used by an application.
>
> There's the LD_PRELOAD-based PathAuditor [1]. It would be interesting
> to see if it can boot up a full openSUSE system, and what it finds.
>
> 1: https://github.com/google/path-auditor

cat Dockerfile
FROM opensuse/tumbleweed
RUN zypper -n install --no-recommends gcc-c++ bazel systemd strace vim gdb
COPY . /pathauditor/
RUN cd /pathauditor && bazel build //pathauditor/libc:libpath_auditor.so
RUN echo "/pathauditor/bazel-bin/pathauditor/libc/libpath_auditor.so" > /etc/ld.so.preload
CMD [ "/usr/lib/systemd/systemd" ]

Kinda works with podman (because docker does not play nice with
systemd). In the initial boot some false positives are shown and the UTS
namespace didn't work for me, but it could otherwise be used to find some
interesting problems in apps ;)
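Added example, not part of the original message and not PathAuditor code: the fixed-name fopen() pattern mentioned in the thread beside an O_EXCL open and mkstemp(), exercised against a constructed symlink inside a private scratch directory. All function names and paths here are illustrative assumptions.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Write data to fd and close it; -1 if fd is invalid or the write is short. */
static int put(int fd, const char *data) {
    if (fd < 0) return -1;
    ssize_t n = write(fd, data, strlen(data));
    return (close(fd) == 0 && n == (ssize_t)strlen(data)) ? 0 : -1;
}
/* Pattern from the message: fopen() on a fixed name follows a symlink
 * already present at that path and truncates whatever it points to. */
static int write_fixed_name(const char *path, const char *data) {
    FILE *f = fopen(path, "wb");
    if (!f) return -1;
    fputs(data, f);
    return fclose(f) == 0 ? 0 : -1;
}
/* Hardened fixed name: O_CREAT|O_EXCL fails with EEXIST on any existing
 * entry, symlinks included, so nothing pre-planted is ever written to. */
static int write_exclusive(const char *path, const char *data) {
    return put(open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW | O_CLOEXEC, 0600), data);
}
/* Preferred: mkstemp() replaces the trailing XXXXXX with a random suffix
 * and creates the file exclusively; tmpl is rewritten in place. */
static int write_unique(char *tmpl, const char *data) {
    return put(mkstemp(tmpl), data);
}
/* Constructed scenario: "victim" holds 14 bytes and "fixed" is a symlink to
 * it. Returns victim's size after the writer ran (0: fopen, 1: O_EXCL). */
static long victim_size_after(int use_exclusive) {
    char dir[] = "/tmp/tmpdemo.XXXXXX", victim[64], fixed[64];
    struct stat st;
    if (!mkdtemp(dir)) return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(fixed, sizeof fixed, "%s/fixed", dir);
    if (write_exclusive(victim, "important data") != 0 || symlink(victim, fixed) != 0) return -1;
    if (use_exclusive) write_exclusive(fixed, "x"); else write_fixed_name(fixed, "x");
    long size = stat(victim, &st) == 0 ? (long)st.st_size : -1;
    unlink(fixed); unlink(victim); rmdir(dir);
    return size;
}
int main(void) {
    printf("victim size: fopen=%ld, O_EXCL=%ld\n", victim_size_after(0), victim_size_after(1));
    return 0;
}
```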
