Dne 17.10.2011 13:02, fehr(a)svn2.opensuse.org napsal(a):
> @@ -149,8 +167,15 @@
> {
> map prop = StorageProposal::get_inst_prop(Storage::GetTargetMap());
> y2milestone( "prop ok:%1", prop["ok"]:false );
> + SCR::Write(.target.ycp, "/tmp/prop_first", prop );
Do not use a fixed path when writing to /tmp as root (security issue).
(This seems to be used only during installation, so probably no real problem here,
but if someone calls the function in the installed system or copy&past part
of the code then there is a security problem...)
--
Ladislav Slezák
Appliance department / YaST Developer
Lihovarská 1060/12
190 00 Prague 9 / Czech Republic
tel: +420 284 028 960
lslezak(a)suse.com
SUSE
--
To unsubscribe, e-mail: yast-devel+unsubscribe(a)opensuse.org
To contact the owner, e-mail: yast-devel+owner(a)opensuse.org