[Bug 439788] [NEW] ec2-bundle-image and ec2-unbundle-image use single, static named fifo in /tmp
Scott Moser
smoser at ubuntu.com
Thu Oct 1 05:06:50 BST 2009
Public bug reported:
Binary package hint: ec2-ami-tools
the ec2-bundle-image and ec2-unbundle-image tools make fifos in /tmp
with names of ec2-bundle-image-digest and ec2-unbundle-image-digest
respectively. This is potentially a security issue, and definitely it
means that 2 processes can't be doing this at the same time.
The proposed patch attached uses random filename in /tmp for feeding to
mkfifo. It also turns down the permissions on the fifo that is created
using '--mode' flag to mkfifo.
** Affects: ec2-ami-tools (Ubuntu)
Importance: Medium
Assignee: Scott Moser (smoser)
Status: Confirmed
--
ec2-bundle-image and ec2-unbundle-image use single, static named fifo in /tmp
https://bugs.launchpad.net/bugs/439788
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to ec2-ami-tools in ubuntu.
More information about the Ubuntu-server-bugs
mailing list