[med-svn] r1128 - trunk/packages/mustang/trunk/debian

Thijs Kinkhorst thijs at debian.org
Mon Jan 14 18:49:24 UTC 2008


On Monday 14 January 2008 16:37, Morten Kjeldgaard wrote:
> > This may be superfluous, but just to note: such usage of /tmp with a
> > predictable dirname is only safe because the script is "set -e".
>
> The existence of /tmp is required by the FHS standard, so I think it should
> be safe to assume it exists.

Sorry to be unclear. I mean "safe" in the sense of security. A predictable 
*file*name in a world writable directory is unsafe because it can be used for 
a symlink attack to overwrite arbitrary files. For a *directory* this is less 
the case, because in this script the 'mkdir' will fail if the dir already 
exists and "set -e" will terminate the script.

If you remove the "set -e" the script gains a security issue.


Thijs
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 481 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/debian-med-commit/attachments/20080114/22230ec2/attachment.pgp 


More information about the debian-med-commit mailing list