nixpkgs-suyu/nixos/modules/services
Jörg Thalheim 731917a800
cups: mount private /tmp
Printer drivers and wrappers are often not written with security in mind.

While reviewing https://github.com/NixOS/nixpkgs/pull/25654 I found
a symlink-race vulnerability within the wrapper code, when writing
unique files in /tmp.
I expect this script to be reused in other models as well
as similar vulnerabilities in the code of other vendors. Therefore
I propose to make /tmp of cups.service private so that only processes
with the same privileges are able to access these files.
2017-05-10 18:03:42 +01:00
admin/salt Add salt master module (#25632) 2017-05-09 18:20:35 +01:00
amqp
audio Remove static uid/gid 2017-03-18 13:54:39 +01:00
backup tarsnap service: add 'verbose' config option (#25353) 2017-05-01 16:09:45 +01:00
cluster Merge pull request #24921 from peterhoeg/f/k8s 2017-04-15 10:43:25 +02:00
computing nixos/treewide: remove boolean examples for options 2017-03-17 23:36:19 +01:00
continuous-integration Merge pull request #24131 from nand0p/buildbot-0.9.5 2017-05-03 07:56:29 +02:00
databases clickhouse: init at 1.1.54190 2017-04-27 13:25:58 +00:00
desktops gnome-disks: add D-Bus service 2017-05-06 19:40:37 +02:00
development
editors Merge pull request #22508 from matthewbauer/remove-emacs24macport 2017-03-18 22:19:20 +01:00
games
hardware Merge pull request #21227 from lheckemann/vgaswitcheroo 2017-04-28 12:47:00 +01:00
logging treewide: use boolToString function 2017-04-11 18:18:53 +02:00
mail Merge pull request #21866 from pjones/pjones/rmilter 2017-03-20 20:50:56 +01:00
misc nixos: revert changes from 3ab45f4b36 in taskserver module 2017-05-06 19:50:02 +02:00
monitoring nixos datadog module: add processConfig option 2017-05-04 13:25:45 +02:00
network-filesystems ipfs service: Fix dataDir being ignored 2017-05-05 11:25:36 +02:00
networking xrdp: environment.pathsToLink from xserver.nix 2017-05-02 21:08:07 +00:00
printing cups: mount private /tmp 2017-05-10 18:03:42 +01:00
scheduling fcron: install systab 2017-04-23 11:44:04 +02:00
search
security shibboleth-sp module: Set Config File Path for FastCGI Units 2017-05-02 19:58:03 -04:00
system earlyoom service: init 2017-03-24 23:16:16 +01:00
torrent treewide: use boolToString function 2017-04-11 18:18:53 +02:00
ttys kmscon service: disable systemd-vconsole-setup 2017-03-01 13:47:34 +03:00
web-apps mattermost service: PrivateTmp broken with local postgresql 2017-05-08 09:18:32 +02:00
web-servers Merge pull request #25365 from armijnhemel/mediawiki 2017-05-07 06:58:32 -04:00
x11 i3: fix runtime dependencies 2017-05-10 02:42:44 +02:00