Public bug reported: Binary package hint: ec2-ami-tools
the ec2-bundle-image and ec2-unbundle-image tools make fifos in /tmp with names of ec2-bundle-image-digest and ec2-unbundle-image-digest respectively. This is potentially a security issue, and definitely it means that 2 processes can't be doing this at the same time. The proposed patch attached uses random filename in /tmp for feeding to mkfifo. It also turns down the permissions on the fifo that is created using '--mode' flag to mkfifo. ** Affects: ec2-ami-tools (Ubuntu) Importance: Medium Assignee: Scott Moser (smoser) Status: Confirmed -- ec2-bundle-image and ec2-unbundle-image use single, static named fifo in /tmp https://bugs.launchpad.net/bugs/439788 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to ec2-ami-tools in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs