Red Hat Bugzilla – Bug 126669
[has patch] canna creates /tmp/.iroha_unix, mode 0777, instead of using /var/run/.iroha_unix
Last modified: 2007-11-30 17:10:45 EST
I don't use or understand this program at all. And I don't speak
Japanese, so the learning curve is a bit steep. But, in Fedora Core 2
and in the current rawhide version, it's creating /tmp/.iroha_unix as
a world-writable directory. That doesn't seem right.

The package also owns /var/run/.iroha_unix, with far more restrictive
permissions, but doesn't appear to put anything there.

I've made a patch to the config file which causes it to actually put
the IROHA socket file in /var/run/.iroha_unix. I'll attach this patch
in a second.

I don't have a good way of testing this (I'll see if I can find a
Japanese-speaking Linux-savvy student somewhere around here....), but
it seems like the right thing to do.
Created attachment 101377 [details]
use /var/run/.iroha_unix instead of creating /tmp/.iroha_unix with insecure permissions
(It occurs to me that it might also be good to patch the code so that if the
directory doesn't exist and needs to be recreated, it's created with the right
permissions instead of 0777.)
Already fixed in 3.7p3-4, which was released yesterday. Thanks for
the notification anyway.
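
The idea raised in the thread above (create the socket directory with restrictive permissions rather than 0777, and do not trust one that already exists with loose permissions), as an added example that is not part of the bug report, the attached patch, or canna's code. The names `ensure_socket_dir` and `demo` are hypothetical, and the demo uses a constructed scratch directory standing in for /var/run.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: returns 0 if `path` is (or was just created as) a real
 * directory owned by `owner` that group and others cannot write to, else -1. */
int ensure_socket_dir(const char *path, uid_t owner)
{
    struct stat st;

    /* mkdir() fails with EEXIST if anything, including a symlink,
     * already occupies the name. */
    if (mkdir(path, 0755) == 0) {
        /* umask can only clear bits; chmod makes the mode exactly 0755. */
        if (chmod(path, 0755) != 0)
            return -1;
    } else if (errno != EEXIST) {
        return -1;
    }

    /* lstat() does not follow symlinks, so a planted link is rejected. */
    if (lstat(path, &st) != 0 || !S_ISDIR(st.st_mode))
        return -1;
    if (st.st_uid != owner)
        return -1;
    if (st.st_mode & (S_IWGRP | S_IWOTH))
        return -1;              /* the 0777 case from this report */
    return 0;
}

/* Constructed demo: a scratch directory stands in for /var/run. */
int demo(void)
{
    char base[] = "/tmp/sockdir-demo-XXXXXX";
    char good[64], bad[64];
    if (!mkdtemp(base)) return -1;
    snprintf(good, sizeof good, "%s/.iroha_unix", base);
    snprintf(bad, sizeof bad, "%s/.world_writable", base);
    int r1 = ensure_socket_dir(good, geteuid());   /* freshly created, 0755 */
    mkdir(bad, 0700); chmod(bad, 0777);            /* pre-existing 0777 dir */
    int r2 = ensure_socket_dir(bad, geteuid());    /* must be rejected */
    rmdir(good); rmdir(bad); rmdir(base);
    return (r1 == 0 && r2 == -1) ? 0 : 1;
}
```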