Hello Dmitry, Thanks for your test, but atm I've some problems to fix this issue for lustre- tests > In some packages I've discovered scripts with errors which may be used > by a user for damaging important system files or user's files. > > For example if a script uses in its work a temp file which is created > in /tmp directory, then every user can create symlink with the same > name in this directory in order to destroy or rewrite some system > or user file. Symlink attack may also lead not only to the data > desctruction but to denial of service as well. Btw: lustre-tests is a package which contains only binaries for debugging lustre, and is therefore only needed on very very few systems.
But nevertheless this should be fixed. I guess the part which is critical is this one: -----------snip------------------ while date; do LOOP=`expr $LOOP + 1` echo "Test #$LOOP" iozone $VERIFY $ODIR -r $REC -i 0 -i 1 -f $FILE -s $SIZE 2>&1 || exit $? [ -f endiozone -o $LOOP -ge $COUNT ] && rm -f endiozone && exit 0 done | tee /tmp/iozone.log ------------snap---------------- This small script creates a log of the iozone run in /tmp without checking if this file exists there. Do you have any hints how to fix this issue? Greetings Winnie
Description: This is a digitally signed message part.
_______________________________________________ Pkg-lustre-maintainers mailing list Pkgfirstname.lastname@example.org http://lists.alioth.debian.org/mailman/listinfo/pkg-lustre-maintainers