Bug 126669

Summary: [has patch] canna creates /tmp/.iroha_unix, mode 0777, instead of using /var/run/.iroha_unix
Product: [Fedora] Fedora Reporter: Matthew Miller <mattdm>
Component: CannaAssignee: Akira TAGOH <tagoh>
Status: CLOSED RAWHIDE QA Contact: Bill Huang <bhuang>
Severity: medium Docs Contact:
Priority: medium    
Version: rawhideKeywords: Patch
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: 3.7p3-4 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2004-06-25 05:03:56 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
use /var/run/.iroha_unix instead of creating /tmp/.iroha_unix with insecure permissions none

Description Matthew Miller 2004-06-24 16:01:44 UTC 
I don't use or understand this program at all. And I don't speak
Japanese, so the learning curve is a bit steep. But, in Fedora Core 2
and in the current rawhide version, it's creating /tmp/.iroha_unix as
a world-writable directory. That doesn't seem right.

The package also owns /var/run/.iroha_unix, with far more restrictive
permissions, but doesn't appear to put anything there.

I've made a patch to the config file which causes it to actually put
the IROHA socket file in /var/run/.iroha_unix. I'll attach this patch
in a second.

I don't have a good way of testing this (I'll see if I can find a
japanese speaking linux-savvy student somewhere around here....), but
it seems like the right thing to do.
Comment 1 Matthew Miller 2004-06-24 16:03:20 UTC 
Created attachment 101377 [details]
use /var/run/.iroha_unix instead of creating /tmp/.iroha_unix with insecure permissions

(It occurs to me that it might also be good to patch the code so that if the
directory doesn't exist and needs to be recreated, it's created with the right
permissions instead of 0777.
Comment 2 Akira TAGOH 2004-06-25 05:03:56 UTC 
already fixed in 3.7p3-4 which has been released yesterday. thanks for
the notification anyway.