> * debian/patches/0002_excel_when_opening_tmp.patch: Open files with O_EXCL.
Sorry, I think I got confused when I first read this and the code. Now that I'm looking through the code, the debug data is dumped to /var/log/ipmiconsole. It's only when FreeIPMI is being compiled in debug/developer mode that files are temporarily stored in /tmp. So we shouldn't consider the storage of files into /tmp the normal production/release case.

So I'm even more confused now on the need for O_EXCL. The production case is exactly what you'd want. Files stored into /var/log/ipmiconsole and already existing is ok.

Al

On Tue, 2012-10-09 at 18:00 -0400, Yaroslav Halchenko wrote:
> On Tue, 09 Oct 2012, Albert Chu wrote:
> > > > Hmmmm. What would be the best thing to do? I'm actually liking the idea
> > > > of dumping to the current working directory, so that it's the
> > > > responsibility of the developer to know what they are doing with this
> > > > option.
>
> > > and you are the boss here -- then O_EXCL should still be kinda useful
> > > to preclude those evil acts as far as I see it -- the "developer" might
> > > end up in /tmp after some wonder-abouts ;)
>
> > > alternatively -- debug output filename could make use of mkstemp to
> > > craft a unique filename
>
> > Ahhh, never knew of mkstemp before. I'll have to add that to memory :P
> > I was just thinking of adding a PID to the filename, so the developer
> > knows which run created the debug dumps.
>
> PIDs are indeed good but considered "not random enough" to prevent such
> types of attacks since the range of available PIDs is quite finite (not
> to say that it could be narrowed down quite a bit). I think it might
> work if you do not like random names -- if it was e.g.
>
> ipmiconsole_<PID>_<DATETIMESTAMP>.log
>
> that would be very descriptive and unlikely to serve as a vector of an
> attack. and if it manages to exist (i.e. with O_EXCL) -- you would
> definitely know that you are under attack ;)
>
--
Albert Chu
ch...@llnl.gov
Computer Scientist
High Performance Systems Division
Lawrence Livermore National Laboratory
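The two options weighed in this thread, as an added example that is not part of the original messages or of FreeIPMI's code: a descriptive `ipmiconsole_<PID>_<DATETIMESTAMP>.log` name opened with `O_EXCL`, and the `mkstemp` alternative. The function names and the timestamp format are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
#include <unistd.h>

/* Build "<dir>/ipmiconsole_<PID>_<DATETIMESTAMP>.log": descriptive, but guessable. */
int debug_log_name(char *buf, size_t len, const char *dir)
{
    char stamp[32];
    time_t now = time(NULL);
    struct tm tm;
    if (!gmtime_r(&now, &tm) || !strftime(stamp, sizeof stamp, "%Y%m%dT%H%M%SZ", &tm))
        return -1;
    int n = snprintf(buf, len, "%s/ipmiconsole_%ld_%s.log", dir, (long)getpid(), stamp);
    return (n < 0 || (size_t)n >= len) ? -1 : 0;
}

/* O_CREAT|O_EXCL creates the file only if nothing exists at that path. It fails
 * with EEXIST on an existing file and on a symlink (dangling or not), so a
 * link planted in a shared directory is never followed. */
int open_debug_log_excl(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

/* mkstemp variant: the C library replaces XXXXXX with a random suffix and
 * opens the file exclusively; tmpl is rewritten with the final name. */
int open_debug_log_mkstemp(char *tmpl, size_t len, const char *dir)
{
    int n = snprintf(tmpl, len, "%s/ipmiconsole_XXXXXX", dir);
    return (n < 0 || (size_t)n >= len) ? -1 : mkstemp(tmpl);
}

int main(void)
{
    char path[256];
    if (debug_log_name(path, sizeof path, ".") != 0) return 1;
    int fd = open_debug_log_excl(path);
    if (fd < 0) { /* EEXIST here means something already occupies the name */
        fprintf(stderr, "refusing %s: %s\n", path, strerror(errno));
        return 1;
    }
    close(fd);
    return 0;
}
```
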