<URL: http://bugs.freeciv.org/Ticket/Display.html?id=39901 >
Please use the email interface, your comments were not sent to the list. > Not really, it's more of a security thing. > > Quote from one of our kernel guys: "The problem is that without a mode > being passed, the kernel uses whatever the stack contents are. And yes, > its conceivable the stack contents could create a world writable setuid > file which cannot ever be the intended operation." Speaking as a long-time Internet security guy, that sounds like a serious userland/kernel interface implementation bug!!!! First of all, according to the documentation, the mask is optional -- you really need to use varargs here, that's what the "..." means in the documentation prototype. Secondly, according to the documentation, the mask is AND'd with the current umask. There *MUST NOT* be any way for AND to set new bits! I'll pass this along to the Linux NFS kernel maintainers when I see them on Wednesday.... _______________________________________________ Freeciv-dev mailing list Freeciv-dev@gna.org https://mail.gna.org/listinfo/freeciv-dev
