Dan Price wrote:
> On Thu 07 May 2009 at 09:48AM, Jerry Jelinek wrote:
>> Dan,
>>
>> I reviewed the zones-related files and they seem ok to me.  I don't know
>> enough to review the other files.  I did have one comment.  In
>> src/brand/attach the code at 519, 520, 525 and 526 is reaching into
>> the zoneroot for a zone that's already been installed and in use.  Since
>> this could be a security issue, I think you should validate that these
>> paths are valid and aren't symlinked someplace they shouldn't be.
>
> Nice catch.  Do we have a snippet somewhere which does this
> already?

Dan,

The attach script is already including the
/usr/lib/brand/ipkg/common.ksh file.  This
file has the safe_dir() function which you
could use.  You could also look at the safe_copy()
and safe_move() functions in there if you need
a little test to copy.

Thanks,
Jerry
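
The kind of check requested above, written as an added example: it is not part of the original thread and is not the safe_dir() implementation from common.ksh. `check_zoneroot_path` and the sample tree are hypothetical; the helper refuses a path under the zone root if any component is missing, is `..`, or is a symlink.

```shell
#!/bin/sh
# Added example. check_zoneroot_path is a hypothetical helper, not the
# safe_dir() function from common.ksh.
# Usage: check_zoneroot_path <zoneroot> <path relative to zoneroot>
# Returns 0 only if every component exists and none is a symlink.
check_zoneroot_path() {
    zr_cur=$1
    zr_rest=$2
    # The zone root itself must be a real directory.
    if [ -h "$zr_cur" ] || [ ! -d "$zr_cur" ]; then
        return 1
    fi
    while [ -n "$zr_rest" ]; do
        zr_part=${zr_rest%%/*}
        case $zr_rest in
            */*) zr_rest=${zr_rest#*/} ;;
            *)   zr_rest= ;;
        esac
        case $zr_part in
            ''|.) continue ;;      # empty component from "//" or a leading "/"
            ..)   return 1 ;;      # never climb out of the zone root
        esac
        zr_cur=$zr_cur/$zr_part
        # Test for a symlink first: -e follows links and would hide it.
        if [ -h "$zr_cur" ] || [ ! -e "$zr_cur" ]; then
            return 1
        fi
    done
    return 0
}

# Constructed sample tree: one real directory and one symlink that points
# outside the zone root, as a process inside the zone could have created.
demo_zoneroot_check() {
    demo_tmp=$(mktemp -d) || return 1
    mkdir -p "$demo_tmp/zoneroot/var/pkg" "$demo_tmp/outside/cfg"
    ln -s "$demo_tmp/outside" "$demo_tmp/zoneroot/etc"
    for demo_rel in var/pkg etc/cfg ../outside; do
        if check_zoneroot_path "$demo_tmp/zoneroot" "$demo_rel"; then
            echo "ok:      $demo_rel"
        else
            echo "refused: $demo_rel"
        fi
    done
    rm -rf "$demo_tmp"
}
demo_zoneroot_check
```

The check and the later use of the path are separate steps, so the result only holds if nothing can modify the zone root in between.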