sandboxing: Restrict write access to /home

The sandboxing added in !22 (merged) sets `ProtectHome=false`, because accounts-service needs to be able to create new home directories for new users. It shouldn't, however, need read or write access to any existing directories beneath `/home`, so there's a large scope for improving the sandboxing here (in `data/accounts-daemon.service.in`) so that existing users' data is not accessible to a compromised accounts-service daemon.