On Thursday 16 August 2007 11:27:29 Jakub Jelinek wrote: > > >If you compile the whole Fedora tree, how many warnings will you see? > > >How many warnings are about 'better use mkstemp' - for security > > >reasons... If you don't abort you'll not catch the developers > > >attention... It's too bad, but true... Don't want to step on dev's toes > > >of course - it's for sure not true for *all* developers! > > > > I was talking about runtime warnings... Really nasty looking messages > > so they couldn't be ignored... > > Even a runtime warning is a wrong thing to do, aborting immediately is the > only sane thing. +1 > If you let it through, it can create a file with random mode. Say if a > root process creates a file with 4777 perms, do you really want to risk > that while that process is scheduled away somebody copies a shell into that > file and runs it? SE Linux probably won't help here since users are unconfined in targeted policy (unless you did some tweeking with the roles). So, we need another mechanism to prevent the general problem. I'd also like to remind people that a few releases ago we had buffer overflow problems. Now, most of those are cleaned up. This is just a temporary problem until we clean things up. This is what rawhide is for. -Steve -- Fedora-maintainers mailing list Fedora-maintainers@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-maintainers -- Fedora-maintainers-readonly mailing list Fedora-maintainers-readonly@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-maintainers-readonly
