[yast-devel] Re: [yast-commit] r66466 - in /trunk/storage: package/yast2-storage.changes storage/src/inst_disk_proposal.ycp
On 17.10.2011 13:02, fehr@svn2.opensuse.org wrote:
@@ -149,8 +167,15 @@ { map prop = StorageProposal::get_inst_prop(Storage::GetTargetMap()); y2milestone( "prop ok:%1", prop["ok"]:false ); + SCR::Write(.target.ycp, "/tmp/prop_first", prop );
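Review bot: the added SCR::Write on the + line dumps the proposal map to the fixed name /tmp/prop_first and its return value is not checked, which reads like a debugging aid rather than part of the proposal logic. Suggest dropping the line; if the dump is wanted, write it to a file inside a directory that only the installer process can write to rather than a predictable name in /tmp, and log a failure of the write the same way the y2milestone line above logs prop["ok"].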
Do not use a fixed path when writing to /tmp as root (security issue).

(This seems to be used only during installation, so probably no real problem here, but if someone calls the function in the installed system or copy&pastes part of the code then there is a security problem...)

--
Ladislav Slezák
Appliance department / YaST Developer
Lihovarská 1060/12
190 00 Prague 9 / Czech Republic
tel: +420 284 028 960
lslezak@suse.com
SUSE

--
To unsubscribe, e-mail: yast-devel+unsubscribe@opensuse.org
To contact the owner, e-mail: yast-devel+owner@opensuse.org
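The concern raised in the reply above, shown as an added Python example that is not part of the original thread and not YaST code: a write to a fixed name goes wherever that name already points, while an exclusive create or a mkstemp-chosen name does not. The sandbox directory, the file important.conf and all function names are assumptions made for the illustration.

```python
import os
import tempfile

def write_fixed_path(path, data):
    # Pattern flagged in the review: predictable name, open() follows symlinks.
    with open(path, "w") as f:
        f.write(data)

def write_exclusive(path, data):
    # Same name, but O_EXCL refuses anything already present (even a dangling
    # symlink) and the file is created readable by its owner only.
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW
    with os.fdopen(os.open(path, flags, 0o600), "w") as f:
        f.write(data)

def write_unpredictable(directory, data):
    # mkstemp picks a random suffix and opens with O_EXCL and mode 0600.
    fd, path = tempfile.mkstemp(prefix="prop_first.", dir=directory)
    with os.fdopen(fd, "w") as f:
        f.write(data)
    return path

def read_text(path):
    with open(path) as f:
        return f.read()

def demo():
    # Constructed sandbox standing in for a world-writable /tmp.
    with tempfile.TemporaryDirectory() as sandbox:
        target = os.path.join(sandbox, "important.conf")  # constructed file
        fixed = os.path.join(sandbox, "prop_first")
        with open(target, "w") as f:
            f.write("original")
        os.symlink(target, fixed)  # the fixed name already exists as a link

        try:
            write_exclusive(fixed, "dump")
            refused = False
        except FileExistsError:
            refused = True
        intact_after_exclusive = read_text(target) == "original"

        write_fixed_path(fixed, "dump")
        overwritten_by_fixed = read_text(target) == "dump"

        safe = write_unpredictable(sandbox, "dump")
        return (refused, intact_after_exclusive, overwritten_by_fixed,
                os.stat(safe).st_mode & 0o777, os.path.basename(safe))
```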
On Wed, Oct 19, Ladislav Slezak wrote:
On 17.10.2011 13:02, fehr@svn2.opensuse.org wrote:
@@ -149,8 +167,15 @@ { map prop = StorageProposal::get_inst_prop(Storage::GetTargetMap()); y2milestone( "prop ok:%1", prop["ok"]:false ); + SCR::Write(.target.ycp, "/tmp/prop_first", prop );
Do not use a fixed path when writing to /tmp as root (security issue).

(This seems to be used only during installation, so probably no real problem here, but if someone calls the function in the installed system or copy&pastes part of the code then there is a security problem...)
Oops, that SCR::Write line should not have been in the committed changes anyway. Was just there for testing purposes. Removed it.

Bye,
Thomas Fehr

--
Thomas Fehr, SuSE Linux Products GmbH, Maxfeldstr. 5, 90409 Nuernberg, Germany
GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB 16746 (AG Nürnberg)
Tel: +49-911-74053-0, Fax: +49-911-74053-482, Email: fehr@suse.de
GPG public key available.