Bug 51406
Summary: | redundant and buggy code | ||
---|---|---|---|
Product: | [Retired] Red Hat Linux | Reporter: | Need Real Name <inger> |
Component: | newt | Assignee: | Eido Inoue <havill> |
Status: | CLOSED NOTABUG | QA Contact: | Aaron Brown <abrown> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 9 | CC: | jorton, kmaraas, mjc |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2003-12-12 17:53:19 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Need Real Name
2001-08-10 09:28:56 UTC
Please provide a more detailed description of the problem than "buggy code" before requesting a fix to the problem. :) Please provide a more detailed description of the problem than "buggy code" before requesting a fix to the problem. :) Well. I give to you a more detailed description: 1. You don't need to use a tty[32] variable.(see first part of the patch) 2. It's not secure to leave sockets it tmp dir(see in patch between SO_PERCRED). You can safely remove it (you already have an open file descriptor) 'cause you need it only to open connection with gpm. -------------------- Any news on this? Has it been fixed? Changing version to 9 as this still applies. I don't see this as relevant. While the author of the patch makes an effort to remove the fixed-size string, the fixed size string is only used to hold the results returned by ttyname(), which is a trusted POSIX function whose return value is well known. as for the second part of the patch, you do not #define SO_PEERCRED anywhere, so I fail to see how the addition of #ifndef SO_PEERCRED has any effect. |