[sane-devel] qcam: Avoid creating lock file in /tmp/
Henning Meier-Geinitz
henning at meier-geinitz.de
Sun Mar 24 20:10:31 GMT 2002
Hi,
On Sun, Mar 24, 2002 at 08:14:02PM +0100, Petter Reinholdtsen wrote:
> Reading debian bug #21983,
> <URL:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=21983> one
> discover that there might be a security problem creating files in
> /tmp/.
The security problem has been fixed 2002-01-11. At least I hope :-)
I can't really test qcam and noone seems to be interested in really
fixing it. Maybe noone even has a qcam :-/
> This also is in conflict with the Linux File Hierarcy Standard.
> I propose the following patch to fix the problem. Anyone against it?
>
> - Change qcam lock file name from /tmp/LOCK.qcam.0x<port> to
> /var/lock/LCK..qcam.0x<port> to get it more in sync with Linux FHS
> and avoid possible security issue with keeping the lock file in
> /tmp/.
Looks ok. Are you sure that /var/lock is available everywhere?
Bye,
Henning
More information about the sane-devel
mailing list