On Sun, Dec 23, 2007 at 11:33:52PM +0100, Till Maas wrote:
> Hi,
>
> here are some patches from Fedora that work on cvs HEAD, I guess the cfg patch
> is known by everyone and the manpage typo is also pretty obvious. The logfile
> patch is required on systems that use selinux. When the logfile is deleted,
> the selinux context is lost. Therefore the patch changes pm-utils not to
> remove the logfile.

If somebody managed to get a symlink where the logfile should be, you are
fscked. So I think this is less secure.

> There is no need to remove the logfile, because the ">" after exec in the next line
> already truncates the logfile to zero length. Also removing is wrong, because it

What if $PM_LOGFILE is a symlink to /etc/passwd?

> destroys the selinux context of the logfile. Bugzilla Reports:
> https://bugzilla.redhat.com/show_bug.cgi?id=237840
> https://bugzilla.redhat.com/show_bug.cgi?id=238068

Then fix selinux. No need to make pm-utils insecure.
-- 
Stefan Seyfried
R&D Team Mobile Devices            | "Any ideas, John?"
SUSE LINUX Products GmbH, Nürnberg | "Well, surrounding them's out."

This footer brought to you by insane German lawmakers:
SUSE Linux Products GmbH, GF: Markus Rex, HRB 16746 (AG Nürnberg)
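
Added example (not part of the thread and not pm-utils code): the trade-off debated above, reproduced in a scratch directory. The strategy names, the `checked` variant and all file names are assumptions made for the demo.

```shell
#!/bin/sh
# Constructed demo: every path lives in a private temp directory.

# open_log STRATEGY PATH: open the log as each side of the thread describes,
# in a subshell so the caller's stdout is untouched.
open_log() {
    case $1 in
        truncate)  # patched behaviour: no rm, ">" follows a symlink to its target
            ( exec > "$2" ) ;;
        remove)    # original behaviour: unlink the name, then create a new file
            ( rm -f "$2"; exec > "$2" ) ;;
        checked)   # hypothetical middle ground: keep the inode, refuse symlinks.
                   # Check-then-open is racy, so it only helps when the log
                   # directory is writable by root alone.
            [ ! -L "$2" ] || return 1
            ( exec > "$2" ) ;;
        *) return 2 ;;
    esac
}

# victim_size_after STRATEGY: plant a symlink at the log path, open the log,
# print how many bytes of the symlink's target ("victim") survive.
victim_size_after() {
    dir=$(mktemp -d) || return 1
    printf 'important data\n' > "$dir/victim"   # 15 bytes
    ln -s "$dir/victim" "$dir/log"
    open_log "$1" "$dir/log" || :               # a refusal is an expected outcome
    wc -c < "$dir/victim" | tr -d ' '
    rm -rf "$dir"
}

# same_inode_after STRATEGY: with a regular file at the log path, succeed if
# the open kept the inode, which is what carries the SELinux label.
same_inode_after() {
    dir=$(mktemp -d) || return 1
    echo old > "$dir/log"
    ln "$dir/log" "$dir/ref"                    # hard link pins the original inode
    open_log "$1" "$dir/log" || :
    rc=0; [ "$dir/log" -ef "$dir/ref" ] || rc=1
    rm -rf "$dir"
    return $rc
}

for s in truncate remove checked; do
    kept=no; same_inode_after "$s" && kept=yes
    echo "$s: victim bytes left=$(victim_size_after "$s") inode kept=$kept"
done
```

Only `truncate` empties the symlink's target and only `remove` replaces the inode, which is the disagreement in the thread.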
