public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
nixpkgs/nixos/modules/services
History
Jörg Thalheim 731917a800
cups: mount private /tmp 
printer driver and wrapper are often not written with security in mind.

While reviewing https://github.com/NixOS/nixpkgs/pull/25654 I found
a symlink-race vulnerability within the wrapper code, when writing
unique files in /tmp.
I expect this script to be reused in other models as well
as similar vulnerabilities in the code of other vendors. Therefore
I propose to make /tmp of cups.service private so that only processes
with the same privileges are able to access these files.
2017-05-10 18:03:42 +01:00
..
admin/salt
Add salt master module (#25632)
2017-05-09 18:20:35 +01:00
amqp
nixos manuals: bring back package references
2016-02-03 14:47:14 +01:00
audio
Remove static uid/gid
2017-03-18 13:54:39 +01:00
backup
tarsnap service: add 'verbose' config option (#25353)
2017-05-01 16:09:45 +01:00
cluster
Merge pull request #24921 from peterhoeg/f/k8s
2017-04-15 10:43:25 +02:00
computing
nixos/treewide: remove boolean examples for options
2017-03-17 23:36:19 +01:00
continuous-integration
Merge pull request #24131 from nand0p/buildbot-0.9.5
2017-05-03 07:56:29 +02:00
databases
clickhouse: init at 1.1.54190
2017-04-27 13:25:58 +00:00
desktops
gnome-disks: add D-Bus service
2017-05-06 19:40:37 +02:00
development
hoogle service: fixups
2016-04-22 03:58:08 +02:00
editors
Merge pull request #22508 from matthewbauer/remove-emacs24macport
2017-03-18 22:19:20 +01:00
games
factorio: remove autosave-interval from command-line options
2017-01-25 21:39:37 +01:00
hardware
Merge pull request #21227 from lheckemann/vgaswitcheroo
2017-04-28 12:47:00 +01:00
logging
treewide: use boolToString function
2017-04-11 18:18:53 +02:00
mail
Merge pull request #21866 from pjones/pjones/rmilter
2017-03-20 20:50:56 +01:00
misc
nixos: revert changes from 3ab45f4b369c in taskserver module
2017-05-06 19:50:02 +02:00
monitoring
nixos datadog module: add processConfig option
2017-05-04 13:25:45 +02:00
network-filesystems
ipfs service: Fix dataDir being ignored
2017-05-05 11:25:36 +02:00
networking
xrdp: environment.pathsToLink from xserver.nix
2017-05-02 21:08:07 +00:00
printing
cups: mount private /tmp
2017-05-10 18:03:42 +01:00
scheduling
fcron: install systab
2017-04-23 11:44:04 +02:00
search
nixos/modules: use defaultText where applicable
2016-11-21 16:35:15 +01:00
security
shibboleth-sp module: Set Config File Path for FastCGI Units
2017-05-02 19:58:03 -04:00
system
earlyoom service: init
2017-03-24 23:16:16 +01:00
torrent
treewide: use boolToString function
2017-04-11 18:18:53 +02:00
ttys
kmscon service: disable systemd-vconsole-setup
2017-03-01 13:47:34 +03:00
web-apps
mattermost service: PrivateTmp broken with local postgresql
2017-05-08 09:18:32 +02:00
web-servers
Merge pull request #25365 from armijnhemel/mediawiki
2017-05-07 06:58:32 -04:00
x11
i3: fix runtime dependencies
2017-05-10 02:42:44 +02:00