[SOLVED] Security Warning about rtkit


Postby RagingRaven » Apr 14th, '15, 15:14

Hello everybody,

I just got a message from msec about rtkit.

'Added World Writable permissions on files : /var/tmp/systemd-rtkit-daemon.service-XZynVkv/tmp'

At first I thought it was a rootkit (rtkit sounds like rootkit), but from googling it appears it is a normal program.
I was wondering though if it is a service/daemon that should be running by default?

As far as I'm aware I've not actually installed anything that should have anything to do with rtkit.
The only thing I could find is that it has something to do with pulseaudio, but I think that is installed by default?

tl;dr: is 'Added World Writable permissions on files : /var/tmp/systemd-rtkit-daemon.service-XZynVkv/tmp' a security issue and/or should I disable the rtkit daemon (and if so how/where do I change it so it doesn't run at boot).

Thanks!
Last edited by RagingRaven on Apr 15th, '15, 09:08, edited 1 time in total.

Re: Security Warning about rtkit

Postby doktor5000 » Apr 14th, '15, 20:50

Please see the reply from your previous thread about msec, it still applies: viewtopic.php?p=56039#p56039
The security warning is not about rtkit, it is just an arbitrary message about a world-writeable file that msec thinks it found.

Both rtkit and pulseaudio belong to a default installation, msec is just not adapted yet to ignore directories with sticky bits set
or those that are created using systemd's PrivateTmp facility. See e.g. https://bugs.mageia.org/show_bug.cgi?id=12150 for the related bug report
and http://0pointer.de/blog/projects/security.html or https://securityblog.redhat.com/2014/04 ... rivatetmp/
for explanations on the feature itself.

A short check for everything that is at least world-writeable doesn't show up anything fancy:
┌─[doktor5000@Mageia5]─[20:47:03]─[~]
└──╼ sudo find /var/tmp -perm -666 -ls
   274    0 drwxrwxrwt   1 root     root          378 Apr 13 23:44 /var/tmp
1280144    0 drwxrwxrwt   1 root     root            0 Apr 11 23:02 /var/tmp/systemd-private-4a622bd1e36c4368a7a47f901fb61b0f-systemd-timesyncd.service-EvDkKu/tmp
1280153    0 drwxrwxrwt   1 root     root            0 Apr 11 23:02 /var/tmp/systemd-private-4a622bd1e36c4368a7a47f901fb61b0f-rtkit-daemon.service-kB6ho4/tmp

They all have 1777 permissions, but just try to access them as a normal user - it is not possible.
Cauldron is not for the faint of heart!
Caution: Hot, bubbling magic inside. May explode or cook your kittens!
----
Disclaimer: Beware of allergic reactions in answer to unconstructive complaint-type posts
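
The distinction drawn in the reply above, as an added example that is not part of the original thread or of msec: a world-writable scan that separates sticky-bit directories and directories hidden behind a parent that other users cannot enter from entries that deserve a look. It assumes GNU find and stat, and that the PrivateTmp parent directory grants no access to other users (confirm with `ls -ld`); the function names and the private/sticky/review labels are hypothetical.

```shell
#!/bin/sh
# Added example: classify world-writable entries under a directory.
# Assumes GNU find and stat; all names and labels here are hypothetical.

# True when every directory between ROOT and PATH grants search (x) to "other".
reachable_by_others() {
    r_root=$1
    [ "$2" = "$r_root" ] && return 0
    p=$(dirname "$2")
    while [ "$p" != "$r_root" ] && [ "$p" != "/" ] && [ "$p" != "." ]; do
        pm=$(stat -c '%a' "$p") || return 1
        last=${pm#"${pm%?}"}            # final octal digit = "other" class
        case $last in
            [1357]) ;;                  # odd digit: x bit set, keep walking up
            *) return 1 ;;              # no search permission: unreachable
        esac
        p=$(dirname "$p")
    done
    return 0
}

# Print one "<label> <path>" line per world-writable file or directory.
# Paths containing newlines are not handled.
ww_audit() {
    root=${1%/}
    [ -n "$root" ] || root=/
    find "$root" -xdev ! -type l -perm -0002 -print | while IFS= read -r path; do
        mode=$(stat -c '%a' "$path")
        if ! reachable_by_others "$root" "$path"; then
            echo "private $path"        # e.g. PrivateTmp: locked parent directory
        else
            case $mode in
                [1357]???) echo "sticky $path" ;;   # 1777-style shared directory
                *)         echo "review $path" ;;   # world-writable, no sticky bit
            esac
        fi
    done
}

# Stand-alone use: pass the directory to scan as the first argument.
if [ $# -gt 0 ]; then ww_audit "$1"; fi
```

Run it as root against /var/tmp, as the post did with sudo, because an unprivileged find cannot descend into the private directories to list them.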

Re: Security Warning about rtkit

Postby RagingRaven » Apr 15th, '15, 09:08

Ok, thanks for the info.
I'd rather be safe than sorry.