Re: [PATCH] modules_install

Oliver Xymoron (oxymoron@waste.org)
Sun, 4 Oct 1998 15:05:00 -0500 (CDT)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Peter Mutsaers: "Re: Linus is on a powertrip.."
Previous message: Alan Cox: "Re: [PATCH] modules_install"
In reply to: Adam Sulmicki: "Re: [PATCH] modules_install"
Next in thread: Adam Sulmicki: "Re: [PATCH] modules_install"

On Sun, 4 Oct 1998, Adam Sulmicki wrote:
> Geert Uytterhoeven writes:
>
> ->- rm -f .misc .allmods; \
> + rm -f /tmp/.misc.$$$$ /tmp/.allmods.$$$$; \
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> extra line here.
>
> Umm, as I see it could create potential security hole.
>
> I would prefer that you first remove the files before writing to them.
> after all someone could make just an link to /etc/passwd.

You've only changed it from an obvious /tmp exploit to a race. Using /tmp
in shell scripts or makefiles should probably be avoided.

Building the kernel as root is also not really necessary, except for the
install step.

-- "Love the dolphins," she advised him. "Write by W.A.S.T.E.."

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/

Next message: Peter Mutsaers: "Re: Linus is on a powertrip.."
Previous message: Alan Cox: "Re: [PATCH] modules_install"
In reply to: Adam Sulmicki: "Re: [PATCH] modules_install"
Next in thread: Adam Sulmicki: "Re: [PATCH] modules_install"