The open() system call in f8 really broken...
Steve Dickson
SteveD at redhat.com
Thu Aug 16 01:49:08 UTC 2007
Steve Grubb wrote:
> On Wednesday 15 August 2007 21:19:00 Steve Dickson wrote:
>>> And yes, its conceivable the stack contents could create
>>> a world writable setuid file which cannot ever be the intended operation.
>> The key word being "conceivable"... a hole that size would have been
>> found a long time ago...
>
> This did in-fact happen in the wild and that's why its fixed this way. Its a
> serious problem and it should be treated that way.
I'm not say is a problem that shouldn't be fixed... but I'm arguing that
killing process is not the appropriate way to deal with it... at least
right away.. make it a warning, which give developers a chance to fix
the problem and then, in the next OS release take a stronger stance...
steved.
More information about the Fedora-maintainers
mailing list