[Pkg-freeipmi-devel] Bug#690040: freeipmi: Build with PIE, bindnow, openfiles with O_EXCL and check return status

Albert Chu chu11 at llnl.gov
Tue Oct 9 21:20:02 UTC 2012


On Tue, 2012-10-09 at 17:05 -0400, Yaroslav Halchenko wrote:
> On Tue, 09 Oct 2012, Albert Chu wrote:
> > > >   * debian/patches/0002_excel_when_opening_tmp.patch: Open files with O_EXCL.
> > I'm confused by this requirement.  Why should it be an error if the file
> > already exists?
> 
> > The default location for this library's debug dumps is /tmp.  I
> > admittedly chose it somewhat at random, it just felt like a decent
> > location. 
> 
> my take on it (Dave might clarify what intention he had) was -- security
> precaution since wouldn't it allow an attack vector via symlinks to
> root-owned precious files? (e.g. an evil attacker might ln -s
> /etc/whateverimportant /tmp/ipmiconsole_debug) so then naive run of the
> ipmiconsole as root would render that file "broken"

Makes sense, I could see that.

> additionally -- what if there would be multiple ipmiconsole's ran
> with --debug?  
>
> > Is there a better place?  Perhaps the current working
> > directory would be more appropriate?
> 
> I guess ideally --debug should just take a filename as an argument... ?

The --debug output in the ipmiconsole tool outputs dumps to stderr.

The output of the debug output to a file is sort of an advanced option
that has to be enabled when one tells the libipmiconsole API to do it.
I'm not sure if anyone uses it.  It's mostly there as a just-in-case
emergency option for debugging.  Especially for those who are trying to
do libipmiconsole at large scale (i.e. Conman, Conserver).

Hmmmm. What would be the best thing to do?  I'm actually liking the idea
of dumping to the current working directory, so that it's the
responsibility of the developer to know what they are doing with this
option.

Al

-- 
Albert Chu
chu11 at llnl.gov
Computer Scientist
High Performance Systems Division
Lawrence Livermore National Laboratory
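To make the symlink concern in Yaroslav's reply concrete, here is an added example (not freeipmi or libipmiconsole code) showing the difference between a naive `open(O_CREAT|O_TRUNC)` of a predictable dump path and an `O_CREAT|O_EXCL|O_NOFOLLOW` open whose return status is checked. The helper names `open_debug_dump`, `open_debug_dump_naive` and `run_symlink_scenario`, the scratch directory, the "precious" file and the dump filename are all constructed for the demonstration. The scenario plants a symlink at the dump path pointing at a file we care about and shows that the naive open truncates the target while the hardened open refuses with `EEXIST` (or `ELOOP`):

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical hardened helper (not libipmiconsole's API): create the dump
 * file only if the path does not already exist (O_EXCL) and never follow a
 * symlink at that path (O_NOFOLLOW). Returns the fd, or -1 with errno set,
 * so the caller must check the result instead of assuming success. */
int open_debug_dump(const char *path)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, S_IRUSR | S_IWUSR);
    if (fd < 0)
        fprintf(stderr, "debug dump %s not opened: %s\n", path, strerror(errno));
    return fd;
}

/* Naive variant for comparison: follows whatever the path points to and
 * truncates it, which is the behaviour the O_EXCL patch removes. */
int open_debug_dump_naive(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, S_IRUSR | S_IWUSR);
}

/* Constructed scenario: a scratch directory holds a "precious" file and a
 * symlink named like a predictable dump file pointing at it.
 * Returns 1 if the hardened open refused the symlink and the naive open
 * truncated the target, 0 if either did not behave that way, -1 on setup
 * failure. */
int run_symlink_scenario(void)
{
    char dir[] = "/tmp/ipmidump_demo_XXXXXX";  /* scratch dir, constructed */
    if (mkdtemp(dir) == NULL)
        return -1;

    char precious[PATH_MAX], dump[PATH_MAX];
    snprintf(precious, sizeof precious, "%s/precious", dir);
    snprintf(dump, sizeof dump, "%s/ipmiconsole_debug", dir);

    /* The file an attacker would want clobbered: give it some content. */
    FILE *f = fopen(precious, "w");
    if (f == NULL)
        return -1;
    fputs("important configuration\n", f);
    fclose(f);

    /* Pre-planted symlink at the dump path. */
    if (symlink(precious, dump) != 0)
        return -1;

    /* Hardened open: O_CREAT|O_EXCL fails on a symlink regardless of its
     * target (EEXIST); O_NOFOLLOW alone would give ELOOP. */
    int fd = open_debug_dump(dump);
    int refused = (fd < 0 && (errno == EEXIST || errno == ELOOP));
    if (fd >= 0)
        close(fd);

    /* Naive open: follows the link and truncates the precious file. */
    int nfd = open_debug_dump_naive(dump);
    struct stat st;
    int clobbered = (nfd >= 0 && stat(precious, &st) == 0 && st.st_size == 0);
    if (nfd >= 0)
        close(nfd);

    unlink(dump);
    unlink(precious);
    rmdir(dir);
    return (refused && clobbered) ? 1 : 0;
}

int main(void)
{
    int r = run_symlink_scenario();
    printf("hardened open refused symlink, naive open clobbered target: %s\n",
           r == 1 ? "yes" : (r == 0 ? "no" : "setup failed"));
    return r == 1 ? 0 : 1;
}
```

The same `O_EXCL` check also answers the "multiple ipmiconsole's with --debug" question: a second process that finds the dump file already present gets `EEXIST` and a logged error instead of silently interleaving its output with the first. Whichever directory is finally chosen (cwd or a caller-supplied filename), checking the return value of the open is what turns a clobbered file into a visible failure.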


