Please do not reply directly to this email. All additional comments should be made in the comments box of this bug. https://bugzilla.redhat.com/show_bug.cgi?id=756179 --- Comment #2 from Jim Meyering <meyering@xxxxxxxxxx> 2011-11-23 05:40:06 EST --- I'll be afk for a while soon, and probably won't be back before 4pm (10am your time), but here's some initial feedback: I noticed that this code uses /tmp/audrey as a "STORAGE_DIR", src/config.ru:storage_dir = ENV['STORAGE_DIR'] || '/tmp/audrey' described as: # Directory where aeolus-configserver stores the instance configrations First, that's a typo: s/configrations/configurations/ More importantly, I don't see anything that guarantees /tmp/audrey has been created by us and that it isn't writable by others. Sounds risky to use a hard-coded name like that. What if someone else has already created it? -- Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug. _______________________________________________ package-review mailing list package-review@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/package-review