https://bugzilla.novell.com/show_bug.cgi?id=665367 https://bugzilla.novell.com/show_bug.cgi?id=665367#c0 Summary: /etc/init.d/boot.braille has racy code Classification: openSUSE Product: openSUSE 11.4 Version: Factory Platform: All OS/Version: Other Status: NEW Severity: Major Priority: P5 - None Component: Basesystem AssignedTo: security-team@suse.de ReportedBy: crrodriguez@opensuse.org QAContact: qa@suse.de Found By: Community User Blocker: --- This piece of code in the init script if [ ! -z "$Braille" ];then sed -e "s#brlname=.*#brlname=$Braille#" \ -e "s#brlport=.*#brlport=$Brailledevice#" /etc/suse-blinux.conf \ >/tmp/suse-blinux.conf mv -f /tmp/suse-blinux.conf /etc fi Has an evident race condition, suggest to either use sed's "-i" which internally uses a temporary file or use mktemp. This file is also not owned by any package, so Im assiging this to the security team m, in case they are nice enough to check what package creates this file... -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.