| To: | Jakub Wilk <jwilk@xxxxxxxxxx>, 771793@xxxxxxxxxxxxxxx |
|---|---|
| Subject: | Bug#771793: [pcp] Bug#771793: pcp: insecure use of /var/tmp in postinst |
| From: | Nathan Scott <nathans@xxxxxxxxxx> |
| Date: | Tue, 2 Dec 2014 18:33:56 -0500 (EST) |
| Delivered-to: | pcp@xxxxxxxxxxx |
| In-reply-to: | <20141202131642.GA5780@xxxxxxxxx> |
| References: | <20141202131642.GA5780@xxxxxxxxx> |
| Reply-to: | Nathan Scott <nathans@xxxxxxxxxx>, 771793@xxxxxxxxxxxxxxx |
| Resent-cc: | PCP Development Team <pcp@xxxxxxxxxxx> |
| Resent-date: | Tue, 02 Dec 2014 23:36:01 +0000 |
| Resent-from: | Nathan Scott <nathans@xxxxxxxxxx> |
| Resent-message-id: | <handler.771793.B771793.141756323932088@xxxxxxxxxxxxxxx> |
| Resent-to: | debian-bugs-dist@xxxxxxxxxxxxxxxx |

Hi Jakub,

----- Original Message -----
> [...]
> I'd suggest using stat(1) to check the file type and ownership
> atomically, and without following symlinks. Something like this should
> work:
>
> [ "$(LC_ALL=C stat -c '%u %g %F' $dir)" = "0 0 directory" ] && mv $dir
> /var/lib/pcp/tmp

Yep, looks good - will get this included in the next update, thanks.

cheers.

--
Nathan
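
The check suggested in the quoted message, wrapped in a function with the path quoted and the expected owner passed as parameters. This is an added example, not part of the original thread or of the pcp packaging scripts; `is_owned_real_dir`, `migrate_dir` and `demo` are hypothetical names, GNU stat(1) is assumed, and the demo uses the current user in place of root (`0 0`) so it runs unprivileged.

```shell
#!/bin/sh
# Added example (hypothetical helper names; assumes GNU stat).

# is_owned_real_dir PATH UID GID
# True only if PATH itself is a directory owned by UID:GID. stat(1) without
# -L does not follow symlinks, and one call reports type and owner together.
is_owned_real_dir() {
    [ "$(LC_ALL=C stat -c '%u %g %F' -- "$1" 2>/dev/null)" = "$2 $3 directory" ]
}

# migrate_dir SRC DEST UID GID
# Moves SRC to DEST only when the check passes; a postinst would pass 0 0.
migrate_dir() {
    if is_owned_real_dir "$1" "$3" "$4"; then
        mv -- "$1" "$2"
    else
        echo "refusing to move $1: not a directory owned by $3:$4" >&2
        return 1
    fi
}

# demo: constructed sandbox with a real directory, a symlink that points
# at a directory with the same owner, and a regular file.
demo() {
    sandbox=$(mktemp -d) || return 1
    uid=$(id -u)
    gid=$(stat -c '%g' -- "$sandbox")
    mkdir "$sandbox/real" "$sandbox/elsewhere"
    ln -s "$sandbox/elsewhere" "$sandbox/link"
    : > "$sandbox/file"
    out=
    for name in real link file; do
        if migrate_dir "$sandbox/$name" "$sandbox/dest-$name" "$uid" "$gid" 2>/dev/null
        then out="$out $name=moved"
        else out="$out $name=refused"
        fi
    done
    rm -rf -- "$sandbox"
    echo "${out# }"
}

# Run the demo only when asked: sh example.sh demo
if [ "${1:-}" = demo ]; then demo; fi
```

The symlink is refused even though its target is a directory with the expected owner, because `%F` reports the link itself as `symbolic link`.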