Re: [PATCH] modules_install
Oliver Xymoron (oxymoron@waste.org)
Sun, 4 Oct 1998 15:05:00 -0500 (CDT)
On Sun, 4 Oct 1998, Adam Sulmicki wrote:
> Geert Uytterhoeven writes:
>
> ->- rm -f .misc .allmods; \
> + rm -f /tmp/.misc.$$$$ /tmp/.allmods.$$$$; \
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> extra line here.
>
> Umm, as I see it could create potential security hole.
>
> I would prefer that you first remove the files before writing to them.
> after all someone could make just an link to /etc/passwd.
You've only changed it from an obvious /tmp exploit to a race. Using /tmp
in shell scripts or makefiles should probably be avoided.
Building the kernel as root is also not really necessary, except for the
install step.
--
"Love the dolphins," she advised him. "Write by W.A.S.T.E.."
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/