Summary: | sys-cluster/openmosixview: Insecure Temporary File Creation Vulnerabilities | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Jean-François Brunette (RETIRED) <formula7> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | hp-cluster, tantive |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | All | ||
URL: | http://secunia.com/advisories/14693/ | ||
Whiteboard: | B3 [glsa] koon | ||
Package list: | Runtime testing required: | --- |
Description
Jean-François Brunette (RETIRED)
2005-03-25 10:38:21 UTC
See discussion about this bug at: http://sourceforge.net/mailarchive/forum.php?thread_id=6929877&forum_id=1042 Patches are at: http://uw-dig.uwaterloo.ca/~hy3chan/patches/openmosixview/1.5/20logdirectory.diff http://uw-dig.uwaterloo.ca/~hy3chan/patches/openmosixview/1.5/50nonodestmp.diff tantive/cluster: please review patches and bump with them if you think they are ok. xmerlin (cluster herd) said he would have a look. fixed in cvs Reopening to handle stable/glsa steps xmerlin: could you bump the revision ? done Security please vote on GLSA need Do openmosixview or the openmosixcollector daemon typically run as root ? If yes, I would issue a GLSA about it, if not, I wouldn't. xmerlin/cluster herd, could you give us your opinion ? I think it can be run by root quite usually, so I vote YES. It needs to be run as root as I can remember I vote yes as well. GLSA 200504-20 |