#729818 vde2: /var/run/vde2 should be world-executable

Package:
vde2
Source:
vde2
Description:
Virtual Distributed Ethernet
Submitter:
Andrew Ayer
Date:
2013-11-17 20:42:06 UTC
Severity:
wishlist
#729818#5
Date:
2013-11-17 20:40:25 UTC
Dear Maintainer,

Currently, /etc/network/if-pre-up.d/vde2 (also, vde2.postinst) create
/var/run/vde2 as follows:

	mkdir -p $RUNDIR
	chown vde2-net:vde2-net $RUNDIR
	chmod 2770 $RUNDIR

I believe the permissions should be (at least) 2771.  2770 makes it
impossible for users not in the vde2-net group to use VDE interfaces,
even if those interfaces are owned by groups besides vde2-net[1].

Since all sensitive files in /var/run/vde2 have non-world-accessible
permissions by default, there shouldn't be any security implications
from making this directory world-executable.

Could these scripts be updated accordingly?

Thanks,

Andrew

[1] This would be accomplished by passing the -g option to the vde2-switch
directive in /etc/network/interfaces, and is highly useful because it
lets you grant different users access to different VDE interfaces.
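
The claim in the report that nothing under /var/run/vde2 is world-accessible can be checked before the directory mode is changed from 2770 to 2771. The script below is an added example, not part of the original report or of the vde2 package; the function names are hypothetical and it assumes GNU stat and find as shipped in Debian.

```shell
#!/bin/sh
# Added example: audit a run directory before or after giving it
# world-execute (mode 2771). Run as root so every subdirectory is visible.

# Print the "other" permission digit of a path (0 = closed, 1 = traverse only).
other_bits() {
    mode=$(stat -c '%a' "$1") || return 2   # GNU stat prints e.g. "2771"
    echo $((mode % 10))
}

# List entries below DIR that grant any permission to "other".
# Symlinks are skipped: their own mode is always 777 and is not enforced.
exposed_entries() {
    find "$1" -mindepth 1 ! -type l \
        \( -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Return 0 only if DIR gives other users at most traversal and nothing
# inside it grants them access.
check_rundir() {
    dir=$1
    other=$(other_bits "$dir") || return 2
    case $other in
        0) echo "$dir: not traversable by users outside owner and group" ;;
        1) echo "$dir: traverse-only for other users (no listing, no create)" ;;
        *) echo "$dir: other users get more than traverse (digit $other)"
           return 1 ;;
    esac
    exposed=$(exposed_entries "$dir")
    if [ -n "$exposed" ]; then
        echo "entries reachable by any local user:"
        echo "$exposed"
        return 1
    fi
    echo "no entry below $dir grants access to other users"
}

# Usage: sh check_rundir.sh /var/run/vde2
if [ "$#" -gt 0 ]; then check_rundir "$1"; fi
```
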