Hello Dmitry,
Thanks for your test, but atm I've some problems to fix this issue for lustre-
tests
> In some packages I've discovered scripts with errors which may be used
> by a user for damaging important system files or user's files.
>
> For example if a script uses in its work a temp file which is  created
> in /tmp directory, then every user can create symlink  with  the  same
> name in this directory in order to  destroy  or  rewrite  some  system
> or user file.  Symlink attack may also  lead  not  only  to  the  data
> desctruction but to denial of service as well.
Btw: lustre-tests is a package which contains only binaries for debugging 
lustre, and is therefore only needed on very very few systems. 

But nevertheless this should be fixed. 

I guess the part which is critical is this one:
-----------snip------------------
while date; do
        LOOP=`expr $LOOP + 1`
        echo "Test #$LOOP"
        iozone $VERIFY $ODIR -r $REC -i 0 -i 1 -f $FILE -s $SIZE 2>&1 || exit $?
        [ -f endiozone -o $LOOP -ge $COUNT ] && rm -f endiozone && exit 0
done | tee /tmp/iozone.log
------------snap----------------

This small script creates a log of the iozone run in /tmp without checking if 
this file exists there.  Do you have any hints how to fix this issue? 

Greetings
Winnie


Attachment: signature.asc
Description: This is a digitally signed message part.

_______________________________________________
Pkg-lustre-maintainers mailing list
Pkg-lustre-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/pkg-lustre-maintainers

Reply via email to