Public bug reported:

Binary package hint: ec2-ami-tools

The ec2-bundle-image and ec2-unbundle-image tools make fifos in /tmp
with names of ec2-bundle-image-digest and ec2-unbundle-image-digest
respectively.  This is potentially a security issue, and definitely it
means that 2 processes can't be doing this at the same time.

The proposed patch attached uses a random filename in /tmp for feeding to
mkfifo.  It also turns down the permissions on the fifo that is created
using the '--mode' flag to mkfifo.

** Affects: ec2-ami-tools (Ubuntu)
     Importance: Medium
     Assignee: Scott Moser (smoser)
         Status: Confirmed

-- 
ec2-bundle-image and ec2-unbundle-image use single, static named fifo in /tmp
https://bugs.launchpad.net/bugs/439788

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
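
The following shell functions are an added example, not the patch attached to the bug and not code from ec2-ami-tools. They show one way to get a per-process, owner-only fifo in place of a fixed name such as /tmp/ec2-bundle-image-digest. The function names, the use of a private directory from `mktemp -d`, and the `digest` file name are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: per-process, owner-only fifo instead of a fixed /tmp name.

# make_private_fifo PREFIX
# Prints the path of a newly created fifo on stdout.
# Returns non-zero if the directory or the fifo cannot be created.
make_private_fifo() {
    prefix=$1
    # mktemp -d creates the directory atomically, with mode 0700 and a
    # random suffix. Another local user cannot pre-create the name or
    # place entries inside it, and two concurrent runs never collide.
    dir=$(mktemp -d "${TMPDIR:-/tmp}/${prefix}.XXXXXXXXXX") || return 1
    fifo="$dir/digest"   # hypothetical name inside the private directory
    # -m 600 is the short form of mkfifo's '--mode' flag: the fifo is
    # readable and writable by its owner only, regardless of umask.
    # mkfifo fails if the name already exists; it never reuses a node.
    if ! mkfifo -m 600 "$fifo"; then
        rmdir "$dir"
        return 1
    fi
    printf '%s\n' "$fifo"
}

# remove_private_fifo PATH
# Removes the fifo and the private directory that holds it.
remove_private_fifo() {
    rm -f "$1" && rmdir "$(dirname "$1")"
}
```

A caller would typically pair these with `trap 'remove_private_fifo "$fifo"' EXIT` so the fifo does not outlive the process.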