Bug 476068 - Post install is a potential security risk.
Post install is a potential security risk.
Status: CLOSED NOTABUG
Product: Fedora
Classification: Fedora
Component: dmraid (Show other bugs)
rawhide
All Linux
urgent Severity urgent
: ---
: ---
Assigned To: LVM and device-mapper development team
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2008-12-11 14:32 EST by Daniel Walsh
Modified: 2008-12-11 16:58 EST (History)
7 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-12-11 16:11:31 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Daniel Walsh 2008-12-11 14:32:41 EST
Description of problem:

You are using easily guess able /tmp files that a hacker could create and cause a root process to do some evil things.

Either use /var/run or mktemp to create the temporary file.

This effects all Rawhide, F10 and RHEL5 at least.
Comment 1 Milan Broz 2008-12-11 14:53:47 EST
Daniel, I think that this problem is not in rawhide nor F10.

RHEL5 rpm was reverted from compose, we found that problem too already,
and this package will be not released.

Please can you provide exact version of spec which is affected?
Comment 2 Alasdair Kergon 2008-12-11 16:11:31 EST
I can't see the problem in fedora either.

%post libs -p /sbin/ldconfig

Please reopen if you're referring to something else we've missed.
Comment 3 Daniel Walsh 2008-12-11 16:58:13 EST
ok, thanks.

Note You need to log in before you can comment on or make changes to this bug.