[PATCH] Remove all uses of "/tmp" from perl diag (Was Re: [ofa-general] Re: [RFC] IB management changes proposal)
Hal Rosenstock
halr at voltaire.com
Fri Apr 27 06:28:45 PDT 2007
On Thu, 2007-04-26 at 23:52, Ira Weiny wrote:
> On Thu, 26 Apr 2007 19:47:04 -0700
> Roland Dreier <rdreier at cisco.com> wrote:
>
> > > > I'm sorry, I'm not familiar with the code.
> > > > I was just saying that using /tmp/ibnetdiscover.topology is clearly
> > > > a security risk since /tmp is world-writeable. Isn't it?
> > >
> > > However, I think the risk is pretty low. The scripts only use this information
> > > to report other information about the subnet. The only damage would be if an
> > > admin misinterpreted this information and did something bad to the net.
> >
> > You're not being devious enough. Look up "symlink attack" to see one
> > idea of something evil that an attacker could do.
>
> Ok, you scared me. ;-) How about the following patch? Would an autoconf
> option be better?
>
> Ira
>
>
> >From 4f3c4c69bf7920284ea9894246abc540b4d99cfb Mon Sep 17 00:00:00 2001
> From: Ira K. Weiny <weiny2 at llnl.gov>
> Date: Thu, 26 Apr 2007 20:40:50 -0700
> Subject: [PATCH] Remove all uses of "/tmp" from perl diags
>
> Remove all the uses of /tmp for cached application data. Replace with a
> global defined to /var/cache/infiniband-diags.
>
> Signed-off-by: Ira K. Weiny <weiny2 at llnl.gov>
Thanks. Applied (to both master and ofed_1_2).
-- Hal
More information about the general
mailing list