On 29 January 2014 09:57, Raphael Geissert <geiss...@debian.org> wrote: [...] > One thing to notice, however, is that there's a race condition between > the stat check introduced in 34b1087870c2. > The following sequence still triggers the bogus behaviour: > > <user> mkdir $dir > <phusion> lstat() (getFileTypeNoFollowSymlinks) > <user> rmdir $dir > <user> ln -s /target $dir > <phusion> stat() (from verifyDirectoryPermissions) > ...
Upstream has now fixed this with the following commit (basically using the structure from lstat() for the two checks): https://github.com/phusion/passenger/commit/94428057c602da3d6d34ef75c78091066ecac5c0 Cheers, -- Raphael Geissert - Debian Developer www.debian.org - get.debian.net -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org