[Pkg-freeipmi-devel] Bug#690040: freeipmi: Build with PIE, bindnow, openfiles with O_EXCL and check return status
Yaroslav Halchenko
debian at onerussian.com
Tue Oct 9 21:05:28 UTC 2012
On Tue, 09 Oct 2012, Albert Chu wrote:

> > > * debian/patches/0002_excel_when_opening_tmp.patch: Open files with O_EXCL.

> I'm confused by this requirement. Why should it be an error if the file
> already exists?

> The default location for this library's debug dumps is /tmp. I
> admittedly chose it somewhat at random, it just felt like a decent
> location.

My take on it (Dave might clarify what intention he had) was -- security
precaution, since wouldn't it allow an attack vector via symlinks to
root-owned precious files? (e.g. an evil attacker might ln -s
/etc/whateverimportant /tmp/ipmiconsole_debug) so then a naive run of
ipmiconsole as root would render that file "broken".

Additionally -- what if there were multiple ipmiconsoles run
with --debug?

> Is there a better place? Perhaps the current working
> directory would be more appropriate?

I guess ideally --debug should just take a filename as an argument... ?

--
Yaroslav O. Halchenko
Postdoctoral Fellow, Department of Psychological and Brain Sciences
Dartmouth College, 419 Moore Hall, Hinman Box 6207, Hanover, NH 03755
Phone: +1 (603) 646-9834 Fax: +1 (603) 646-1419
WWW: http://www.linkedin.com/in/yarik
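
The symlink concern raised in this message, as an added example that is not part of the original e-mail or of the freeipmi patch: a constructed scenario comparing an open that truncates with an open that uses O_CREAT|O_EXCL when a symlink already sits at the debug file's name. The function names, the `excl_demo_` directory and the `precious`/`debug` file names are assumptions made for the illustration.

```c
#define _XOPEN_SOURCE 700 /* mkdtemp(), symlink() under strict -std= modes */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Naive open: follows a pre-planted symlink and truncates its target. */
static int open_debug_naive(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* O_CREAT|O_EXCL: fails with EEXIST if the name exists at all; a symlink
 * at that name is not followed, whether or not its target exists. */
static int open_debug_excl(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

/* Constructed scenario in a private mkdtemp() directory: "precious" stands
 * in for the important file, "debug" for the predictable dump name.
 * Returns the size of "precious" after the open attempt (-1 on setup
 * failure); *open_errno gets the errno of the open, 0 on success. */
static long run_scenario(int use_excl, int *open_errno) {
    char dir[] = "/tmp/excl_demo_XXXXXX", precious[64], debug[64];
    struct stat st;
    long size = -1;
    *open_errno = 0;
    if (!mkdtemp(dir)) return -1;
    snprintf(precious, sizeof precious, "%s/precious", dir);
    snprintf(debug, sizeof debug, "%s/debug", dir);
    FILE *f = fopen(precious, "w");
    if (f && fputs("important\n", f) >= 0 && fclose(f) == 0
          && symlink(precious, debug) == 0) {
        int fd = use_excl ? open_debug_excl(debug) : open_debug_naive(debug);
        if (fd < 0) *open_errno = errno; else close(fd);
        if (stat(precious, &st) == 0) size = (long)st.st_size;
    }
    unlink(debug); unlink(precious); rmdir(dir);
    return size;
}

int main(void) {
    int e;
    long n = run_scenario(0, &e);
    printf("naive : target is now %ld bytes\n", n);
    n = run_scenario(1, &e);
    printf("O_EXCL: target is still %ld bytes, open failed: %s\n", n, strerror(e));
    return 0;
}
```

The same EEXIST failure is what a second process would see if it tried to create a debug file that a first one had already created, which is the multiple-instances case asked about in the message.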