Mailinglist Archive: yast-devel (78 mails)

< Previous Next >
[yast-devel] Re: [yast-commit] r66466 - in /trunk/storage: package/yast2-storage.changes storage/src/inst_disk_proposal.ycp
Dne 17.10.2011 13:02, fehr@xxxxxxxxxxxxxxxxx napsal(a):
@@ -149,8 +167,15 @@
{
map prop = StorageProposal::get_inst_prop(Storage::GetTargetMap());
y2milestone( "prop ok:%1", prop["ok"]:false );
+ SCR::Write(.target.ycp, "/tmp/prop_first", prop );

Do not use a fixed path when writing to /tmp as root (security issue).
(This seems to be used only during installation, so probably no real problem
here,
but if someone calls the function in the installed system or copy&past part
of the code then there is a security problem...)


--

Ladislav Slez√°k
Appliance department / YaST Developer
Lihovarsk√° 1060/12
190 00 Prague 9 / Czech Republic
tel: +420 284 028 960
lslezak@xxxxxxxx
SUSE
--
To unsubscribe, e-mail: yast-devel+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: yast-devel+owner@xxxxxxxxxxxx

< Previous Next >
Follow Ups