Re: [PATCH] modules_install

Meelis Roos (mroos@tartu.cyber.ee)
Sun, 4 Oct 1998 22:38:13 +0300

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Alan Cox: "Re: [PATCH] modules_install"
Previous message: Larry McVoy: "Re: [offtopic] BitKeeper & distributions, please read"

GU> `make modules_install' creates some temporary files inside the kernel source
GU> directory. However, if that directory is imported using NFS in the recommended
GU> and secure way, root is not allowed to create files there. This patch solves
GU> that problem by creating the temporary files in /tmp.

GU> + ls *.o > /tmp/.allmods.$$$$; \

NO! This creates a race condition allowing malicious user to overwrite any
file if (s)he creates dozens of symlinks in /tmp. Using just pid to
guarantee uniqueness of the name is not enough. And we don't want do depend
on 'mktemp'... So I can't offer any good solution. A private directory in
/tmp? In a shell script and without race conditions - how?

-- Meelis Roos (mroos@tartu.cyber.ee)

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/

Next message: Alan Cox: "Re: [PATCH] modules_install"
Previous message: Larry McVoy: "Re: [offtopic] BitKeeper & distributions, please read"