[OE-core] [PATCH] package_ipk: allow to specify OPKG_ARGS in local.conf
Alejandro del Castillo
alejandro.delcastillo at ni.com
Thu Dec 3 01:03:59 UTC 2015
On 12/02/2015 05:19 PM, Burton, Ross wrote:
>
> On 2 December 2015 at 23:16, Alejandro del Castillo
> <alejandro.delcastillo at ni.com <mailto:alejandro.delcastillo at ni.com>> wrote:
>
> > Whilst the patch is fine, this is worrying as noexec /tmp shouldn't break opkg.
> > Maybe opkg should be changed to use something in /var for the scripts?
>
> Could you expand on why it's better to use /var instead of /tmp as the default
> sandbox location for opkg? I believe dpkg uses /var/lib/ and would like to
> understand why that's better (to change opkg, if it makes sense)
>
>
> Well in this case it's fairly common to mount /tmp as noexec on security
> grounds, and to be limited in size (say a small tmpfs), whereas /var generally
> has less restrictions.
I see, common attacks rely on being able to execute commands in /tmp. Do you
mind opening an issue for opkg on bugzilla?
--
Cheers,
Alejandro
More information about the Openembedded-core
mailing list