The comment in the startup script of net-p2p/bitcoin mentions "bitcoind_data" and that its default value is "/var/lib/bitcoin". Both are wrong; fix them. In addition, do not redirect output to a predefined file in /tmp/, as a malicious user could create a symlink with that name, pointing to some other file, which would be overwritten by the redirect.
Created attachment 187824 [details] fix
Comment on attachment 187824 [details] fix
OK, thanks, noted and approved. Is the issue with named files in /tmp that they get deleted, and so could be replaced by an unprivileged user, whereas files elsewhere, if the directory is not world-writable, could not be replaced with a symlink?
A commit references this bug:
Author: vd
Date: Wed Nov 8 08:18:27 UTC 2017
New revision: 453725
URL: https://svnweb.freebsd.org/changeset/ports/453725
Log:
net-p2p/bitcoin: fix typos in startup script
PR: 223495
Submitted by: vd@
Approved by: robbak@gmail.com (maintainer)
Changes:
head/net-p2p/bitcoin/Makefile
head/net-p2p/bitcoin/files/bitcoind.in
Committed in r453725. Yes, a malicious user could `ln -s /path/to/file/that/only/root_can_edit /tmp/foo` and when the root user does `command > /tmp/foo` it will overwrite that file. A safer approach is to either redirect to somewhere where symlinks cannot be planted willy-nilly by everybody or to use unpredictable names by employing mktemp(1).
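The difference described in the last comment, as an added example that is not part of the bug report or the port's rc script: it contrasts a redirect to a fixed name with mktemp(1) inside a throwaway sandbox. The directory layout, the `daemon_check` file names and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example. The sandbox layout, file names and function names are
# constructed for illustration; they are not taken from the bitcoind rc script.

# Unsafe: fixed name in a shared directory. The redirect opens the path with
# O_CREAT|O_TRUNC and follows a symlink that is already sitting there.
write_predictable() {   # $1 = shared dir, $2 = text
    printf '%s\n' "$2" > "$1/daemon_check.out"
}

# Safer: mktemp(1) picks an unpredictable name and creates the file
# exclusively with mode 0600, so it never opens a pre-planted link.
write_with_mktemp() {   # prints the path it created
    tmpfile=$(mktemp "$1/daemon_check.XXXXXX") || return 1
    printf '%s\n' "$2" > "$tmpfile"
    printf '%s\n' "$tmpfile"
}

# Build a sandbox with a "shared" dir (stand-in for /tmp) and a "protected"
# file reachable through a symlink at the predictable name, run one writer,
# then print what the protected file holds afterwards.
protected_after() {     # $1 = write_predictable | write_with_mktemp
    sandbox=$(mktemp -d "${TMPDIR:-/tmp}/symlink_demo.XXXXXX") || return 1
    mkdir "$sandbox/shared" "$sandbox/protected"
    printf 'original\n' > "$sandbox/protected/config"
    ln -s "$sandbox/protected/config" "$sandbox/shared/daemon_check.out"
    "$1" "$sandbox/shared" "daemon output" > /dev/null
    cat "$sandbox/protected/config"
    rm -rf "$sandbox"
}

echo "fixed name: protected file now holds: $(protected_after write_predictable)"
echo "mktemp(1):  protected file now holds: $(protected_after write_with_mktemp)"
```

With the fixed name the protected file ends up holding the redirected output; with mktemp(1) it still holds its original content.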