On 09/12/2012 04:58 AM, Constantin Musca wrote:
We must use one TMPDIR per process (/tmp/${PID}) so that the patching
processes don't generate the same temp file name (the "patch" program
uses the TMPDIR environment variable for deciding where to create the
temp files).
[YOCTO #3070]
Signed-off
Richard Purdie writes:
> I would point out that the build process is likely full of such races
> though.
Yes; I know. But there is really no excuse to introduce insecure tmpfile
creation; especially because safe techniques are well known, available
and cheap.
All the build tools (gcc, make, a
On Fri, 2012-09-14 at 14:24 +0200, Enrico Scholz wrote:
> Richard Purdie writes:
>
> >> > +process_tmpdir = os.path.join('/tmp', str(os.getpid()))
> >> > +shutil.rmtree(process_tmpdir)
>
> > Its only being used as a prefix, not as the full directory path name
> > so it isn't quite as
Richard Purdie writes:
>> > +process_tmpdir = os.path.join('/tmp', str(os.getpid()))
>> > +shutil.rmtree(process_tmpdir)
> Its only being used as a prefix, not as the full directory path name
> so it isn't quite as insecure as it would first appear.
It *is* insecure as it would firs
On Fri, 2012-09-14 at 13:28 +0200, Enrico Scholz wrote:
> Constantin Musca
> writes:
>
> > +process_tmpdir = os.path.join('/tmp', str(os.getpid()))
> > +if os.path.exists(process_tmpdir):
> > +shutil.rmtree(process_tmpdir)
> > +os.makedirs(process_tmpdir)
>
> ooo... this
Constantin Musca
writes:
> +process_tmpdir = os.path.join('/tmp', str(os.getpid()))
> +if os.path.exists(process_tmpdir):
> +shutil.rmtree(process_tmpdir)
> +os.makedirs(process_tmpdir)
ooo... this violates trivial rules regarding secure generation of
tempfiles. Better us
We must use one TMPDIR per process (/tmp/${PID}) so that the patching
processes don't generate the same temp file name (the "patch" program
uses the TMPDIR environment variable for deciding where to create the
temp files).
[YOCTO #3070]
Signed-off-by: Constantin Musca
---
meta/classes/patch.bbc
