Predictable glusterfs log filename in world writable /tmp

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Subject: Predictable glusterfs log filename in world writable /tmp
From: Ville Skyttä <ville.skytta@xxxxxxxxxxx>
Date: Thu, 4 Nov 2021 09:53:50 +0200

Hello!

I happened to stumble upon this:

$ grep /tmp engines/glusterfs.c
glfs_set_logging(fs, "/tmp/fio_gfapi.log", 7);

IIUC glfs starts appending to that file if it exists, which would mean
a vulnerability to arbitrary file append via a symlink. Briefly
discussed in private mail with Jens, agreed to send here for info.

Cheers, Ville

Prev by Date: [PATCH] Spelling and grammar fixes
Next by Date: Any plans to support Command Duration Limit (CDL)?
Previous by thread: [PATCH] Spelling and grammar fixes
Next by thread: Any plans to support Command Duration Limit (CDL)?
Index(es):
- Date
- Thread

[Index of Archives] [Linux Kernel] [Linux SCSI] [Linux IDE] [Linux USB Devel] [Video for Linux] [Linux Audio Users] [Yosemite News] [Linux SCSI]

Powered by Linux