[Bug 439788] [NEW] ec2-bundle-image and ec2-unbundle-image use single, static named fifo in /tmp

Scott Moser smoser at ubuntu.com
Thu Oct 1 04:06:50 UTC 2009


Public bug reported:

Binary package hint: ec2-ami-tools

The ec2-bundle-image and ec2-unbundle-image tools make fifos in /tmp
with names of ec2-bundle-image-digest and ec2-unbundle-image-digest
respectively.  This is potentially a security issue, and definitely it
means that 2 processes can't be doing this at the same time.

The proposed patch attached uses a random filename in /tmp for feeding to
mkfifo.  It also turns down the permissions on the fifo that is created
using the '--mode' flag to mkfifo.

** Affects: ec2-ami-tools (Ubuntu)
     Importance: Medium
     Assignee: Scott Moser (smoser)
         Status: Confirmed

-- 
ec2-bundle-image and ec2-unbundle-image use single, static named fifo in /tmp
https://bugs.launchpad.net/bugs/439788
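
The approach the report describes (an unpredictable name under /tmp plus a restricted mode on the fifo), as an added shell example that is not the patch attached to this bug. The function names, the `digest` file name and the private `mktemp -d` directory are assumptions made for illustration.

```shell
# Added example, not code from ec2-ami-tools or from the attached patch.

# Create a FIFO that only the calling user can reach; print its path.
# $1 is a label used in the directory name (hypothetical parameter).
make_private_fifo() {
    # mktemp -d picks an unpredictable name and creates the directory
    # atomically with mode 0700, so two runs never share a path and no
    # other user can pre-create a file or symlink where the FIFO will be.
    dir=$(mktemp -d "${TMPDIR:-/tmp}/$1.XXXXXX") || return 1
    # -m is the short form of --mode; 600 is applied regardless of umask.
    if ! mkfifo -m 600 "$dir/digest"; then
        rmdir "$dir"
        return 1
    fi
    printf '%s\n' "$dir/digest"
}

# Remove the FIFO, any digest output beside it, and the private directory.
remove_private_fifo() {
    rm -f "$1" "$1.sum" && rmdir "$(dirname "$1")"
}

# Print the SHA-1 of file $1, feeding the hashing process through the FIFO.
digest_via_fifo() {
    fifo=$(make_private_fifo ec2-bundle-image) || return 1
    sha1sum < "$fifo" > "$fifo.sum" &   # reader blocks until a writer opens
    reader=$!
    cat "$1" > "$fifo"                  # writer side of the pipe
    wait "$reader"                      # reader exits at end of stream
    cut -d' ' -f1 "$fifo.sum"
    remove_private_fifo "$fifo"
}
```

Because every call gets its own directory, two bundling processes can run at the same time, which the single static name in /tmp did not allow.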