On Wed, Oct 19, Ladislav Slezak wrote:
> Dne 17.10.2011 13:02, [email protected] napsal(a):
> >@@ -149,8 +167,15 @@
> > {
> > map prop = StorageProposal::get_inst_prop(Storage::GetTargetMap());
> > y2milestone( "prop ok:%1", prop["ok"]:false );
> >+ SCR::Write(.target.ycp, "/tmp/prop_first", prop );
>
> Do not use a fixed path when writing to /tmp as root (security issue).
> (This seems to be used only during installation, so probably no real
> problem here,
> but if someone calls the function in the installed system or copy&past part
> of the code then there is a security problem...)
Oops, that SCR::Write line should not have been in the commited changes
anyway. Was just there for testing purposes. Removed it.
Tschuess,
Thomas Fehr
--
Thomas Fehr, SuSE Linux Products GmbH, Maxfeldstr. 5, 90409 Nuernberg, Germany
GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB 16746 (AG Nürnberg)
Tel: +49-911-74053-0, Fax: +49-911-74053-482, Email: [email protected]
GPG public key available.
--
To unsubscribe, e-mail: [email protected]
To contact the owner, e-mail: [email protected]
