Hello Dmitry,

Thanks for your test, but atm I've some problems to fix this issue for lustre-tests

> In some packages I've discovered scripts with errors which may be used
> by a user for damaging important system files or user's files.
>
> For example if a script uses in its work a temp file which is created
> in /tmp directory, then every user can create symlink with the same
> name in this directory in order to destroy or rewrite some system
> or user file. Symlink attack may also lead not only to the data
> destruction but to denial of service as well.

Btw: lustre-tests is a package which contains only binaries for debugging lustre, and is therefore only needed on very very few systems.
But nevertheless this should be fixed.

I guess the part which is critical is this one:

-----------snip------------------
while date; do
        LOOP=`expr $LOOP + 1`
        echo "Test #$LOOP"
        iozone $VERIFY $ODIR -r $REC -i 0 -i 1 -f $FILE -s $SIZE 2>&1 || exit $?
        [ -f endiozone -o $LOOP -ge $COUNT ] && rm -f endiozone && exit 0
done | tee /tmp/iozone.log
------------snap----------------

This small script creates a log of the iozone run in /tmp without checking if this file exists there.

Do you have any hints how to fix this issue?

Greetings
Winnie
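One way to answer the question in the message above, as an added example that is not part of the original mail or of the lustre-tests package: replace the fixed name /tmp/iozone.log with a file created by mktemp, which creates the file exclusively and so never follows a symlink planted under a guessable name. The helper names make_log and run_logged are hypothetical, and the loop from the script is assumed to be wrapped in a function that is passed to run_logged.

```shell
#!/bin/sh
# Added example: symlink-safe replacement for "done | tee /tmp/iozone.log".
# make_log and run_logged are hypothetical names, not taken from lustre-tests.

# Create a private log file with an unpredictable name and print its path.
# mktemp opens the file with O_CREAT|O_EXCL and mode 0600, so it fails
# instead of following a symlink or reusing a file another user planted.
make_log() {
    mktemp "${TMPDIR:-/tmp}/iozone.XXXXXXXXXX"
}

# Run a command (or shell function) and copy its output to a fresh log.
# The chosen path is left in LOGFILE and reported on stderr, because the
# name is no longer predictable.
run_logged() {
    LOGFILE=$(make_log) || {
        echo "cannot create log file in ${TMPDIR:-/tmp}" >&2
        return 1
    }
    echo "logging to $LOGFILE" >&2
    # As in the original script, the left side of the pipe runs in a
    # subshell, so an "exit" inside the loop ends only that subshell.
    "$@" 2>&1 | tee "$LOGFILE"
}

# Intended use in the script (assumption: the loop is moved into a function):
#   iozone_loop() { while date; do ...; done; }
#   run_logged iozone_loop
```

If the log has to keep a fixed name, writing it to a directory that only the invoking user can write to avoids the problem as well.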