cups: mount private /tmp

printer driver and wrapper are often not written with security in mind. While reviewing https://github.com/NixOS/nixpkgs/pull/25654 I found a symlink-race vulnerability within the wrapper code, when writing unique files in /tmp. I expect this script to be reused in other models as well as similar vulnerabilities in the code of other vendors. Therefore I propose to make /tmp of cups.service private so that only processes with the same privileges are able to access these files.
2017-05-10 09:52:11 +01:00 · 2017-05-10 09:52:11 +01:00 · 731917a800
commit 731917a800
parent 98ff062ed4
1 changed files with 2 additions and 0 deletions
--- a/nixos/modules/services/printing/cupsd.nix
+++ b/nixos/modules/services/printing/cupsd.nix
@ -324,6 +324,8 @@ in
              fi
            ''}
          '';
+
+          serviceConfig.PrivateTmp = true;
      };

    systemd.services.cups-browsed = mkIf avahiEnabled