The comment in the startup script of net-p2p/bitcoin mentions "bitcoind_data" and that its default value is "/var/lib/bitcoin". Both are wrong, fix them. In addition do not redirect output to a predefined file in /tmp/ as a malicious user could create a symlink with that name, pointing to some other file, which would be overwritten by the redirect.
Created attachment 187824
Comment on attachment 187824
OK, thanks, noted and approved.
Is the issue with named files in /tmp that they get deleted, and so could be replaced by an unprivileged user, whereas files elsewhere, if the directory is not world-writable, could not be replaced with a symlink?
A commit references this bug:
Date: Wed Nov 8 08:18:27 UTC 2017
New revision: 453725
net-p2p/bitcoin: fix typos in startup script
Submitted by: vd@
Approved by: firstname.lastname@example.org (maintainer)
Committed in r453725.
Yes, a malicious user could `ln -s /path/to/file/that/only/root_can_edit /tmp/foo` and when the root user does `command > /tmp/foo` it will overwrite that file. A safer approach is to either redirect to somewhere where symlinks cannot be planted willy-nilly by everybody or to use unpredictable names by employing mktemp(1).
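The difference between the two redirect styles discussed in this thread, as an added example that is not part of the original report or of the port's startup script. It runs entirely inside a private sandbox directory; the file names `daemon.out` and `protected` and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed demo: everything happens inside a private sandbox directory
# created with mktemp -d, so no real system file is touched.

# Weak pattern: redirect to a predictable name. The shell opens the path
# as given and follows a symlink that already exists there.
write_predictable() {   # $1 = directory, $2 = text
    echo "$2" > "$1/daemon.out"
}

# Hardened pattern: mktemp(1) creates a new file with an unpredictable
# name and fails rather than reuse an existing path, so the write cannot
# go through a pre-planted symlink.
write_mktemp() {        # $1 = directory, $2 = text; prints the file created
    out=$(mktemp "$1/daemon.out.XXXXXX") || return 1
    echo "$2" > "$out"
    echo "$out"
}

demo() {
    sandbox=$(mktemp -d) || return 1
    mkdir "$sandbox/shared"                  # stand-in for a world-writable dir
    echo "original" > "$sandbox/protected"   # stand-in for a root-owned file
    # Stand-in for a symlink that exists before the privileged write happens.
    ln -s "$sandbox/protected" "$sandbox/shared/daemon.out"

    write_predictable "$sandbox/shared" "log line"
    after_weak=$(cat "$sandbox/protected")   # content was replaced

    echo "original" > "$sandbox/protected"   # reset for the second run
    write_mktemp "$sandbox/shared" "log line" > /dev/null
    after_safe=$(cat "$sandbox/protected")   # content is untouched

    rm -rf "$sandbox"
    echo "$after_weak|$after_safe"
}

demo
```

The first field of the output is the protected file's content after the predictable redirect, the second is its content after the mktemp(1) write.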