
Re: The open() system call in f8 really broken...



On Thursday 16 August 2007 11:27:29 Jakub Jelinek wrote:
> > >If you compile the whole Fedora tree, how many warnings will you see?
> > >How many warnings are about 'better use mkstemp' - for security
> > >reasons... If you don't abort you'll not catch the developers
> > >attention... It's too bad, but true... Don't want to step on dev's toes
> > >of course - it's for sure not true for *all* developers!
> >
> > I was talking about runtime warnings... Really nasty looking messages
> > so they couldn't be ignored...
>
> Even a runtime warning is a wrong thing to do, aborting immediately is the
> only sane thing.

+1

> If you let it through, it can create a file with random mode.  Say if a
> root process creates a file with 4777 perms, do you really want to risk
> that while that process is scheduled away somebody copies a shell into that
> file and runs it?

SE Linux probably won't help here since users are unconfined in targeted
policy (unless you did some tweaking with the roles). So, we need another
mechanism to prevent the general problem.

I'd also like to remind people that a few releases ago we had buffer overflow 
problems. Now, most of those are cleaned up. This is just a temporary problem 
until we clean things up. This is what rawhide is for.

-Steve
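
The missing-mode problem discussed in this thread, as an added example that is not part of the original message: a creation helper that always passes a mode to open(), refuses setuid/setgid/world-writable requests, and checks the result with fstat(). The names create_file_explicit, fd_mode and DANGEROUS_BITS and the /tmp scratch path are assumptions made for illustration.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* setuid, setgid and world-writable: the "4777" case from the thread. */
#define DANGEROUS_BITS (S_ISUID | S_ISGID | S_IWOTH)

/* Hypothetical helper: create a new file, always passing a mode.
 * The bug under discussion is open(path, O_WRONLY | O_CREAT) with no third
 * argument, so the mode is whatever value sits in that argument slot. */
int create_file_explicit(const char *path, mode_t mode)
{
    if (mode & DANGEROUS_BITS) {   /* refuse risky requests up front */
        errno = EINVAL;
        return -1;
    }
    /* O_EXCL: fail if the path already exists, symlinks included. */
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, mode);
    if (fd < 0) return -1;
    struct stat st;                /* post-condition: check what we got */
    if (fstat(fd, &st) != 0 || (st.st_mode & DANGEROUS_BITS)) {
        close(fd);
        unlink(path);
        errno = EPERM;
        return -1;
    }
    return fd;
}

/* Permission bits (setuid/setgid/sticky included) of an open fd, or -1. */
int fd_mode(int fd)
{
    struct stat st;
    return fstat(fd, &st) == 0 ? (int)(st.st_mode & 07777) : -1;
}

int main(void)
{
    char dir[] = "/tmp/open-mode-XXXXXX", path[64]; /* constructed scratch dir */
    if (!mkdtemp(dir)) return 1;
    snprintf(path, sizeof path, "%s/f", dir);
    int fd = create_file_explicit(path, 0600);
    printf("created with mode %04o\n", (unsigned)fd_mode(fd));
    if (fd >= 0) close(fd);
    unlink(path); rmdir(dir);
    return fd < 0;
}
```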

