[sane-devel] qcam: Avoid creating lock file in /tmp/

Henning Meier-Geinitz henning at meier-geinitz.de
Sun Mar 24 20:10:31 GMT 2002


Hi,

On Sun, Mar 24, 2002 at 08:14:02PM +0100, Petter Reinholdtsen wrote:
> Reading debian bug #21983,
> <URL:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=21983> one
> discover that there might be a security problem creating files in
> /tmp/. 

The security problem has been fixed 2002-01-11. At least I hope :-)
I can't really test qcam and noone seems to be interested in really
fixing it. Maybe noone even has a qcam :-/

> This also is in conflict with the Linux File Hierarcy Standard.

> I propose the following patch to fix the problem.  Anyone against it?
> 
>   - Change qcam lock file name from /tmp/LOCK.qcam.0x<port> to
>     /var/lock/LCK..qcam.0x<port> to get it more in sync with Linux FHS
>     and avoid possible security issue with keeping the lock file in
>     /tmp/.

Looks ok. Are you sure that /var/lock is available everywhere?

Bye,
  Henning



More information about the sane-devel mailing list