On August 6, 2012 at 9:30 AM Sami Kerola <kerolasa@xxxxxx> wrote: > On Mon, Aug 6, 2012 at 8:14 AM, Bernhard Voelker > <mail@xxxxxxxxxxxxxxxxxxx> wrote: > Hi Berny, > > Yes, I did mention file exchange should probably warn. When I > added the warning it looked like noise, and I could not get > message right. > > > We're talking about the intermediate file (in /tmp), but as it's > > name is visible e.g. in ps listings, I'd recommend to be cautious > > about it. > > The temporary file in vipw case is created to /etc/ and moved in > place within directory. Earlier /tmp/ was used, but it resulted > to non-atomic move and rename(2) complaining about device > boundary. See following commit for details. yes, /etc right. > I am assuming /etc/ is not normally writable for users, so the > security problem should be mostly theoretical. That said perhaps > a message such as > > vipw: intermediate /etc/vipw.XXXXX file change > > might be appropriate, if it is explained in vipw(8). Or is it > simply noise no-one cares? Right, /etc is quite safe. Therefore, as vipw is deprecated anyway, I'd say your patch is okay. Have a nice day, Berny -- To unsubscribe from this list: send the line "unsubscribe util-linux" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
