[Pm-utils] some simple patches from fedora

Stefan Seyfried seife at suse.de
Wed Jan 30 07:18:39 PST 2008


On Wed, Jan 30, 2008 at 04:11:44PM +0100, Till Maas wrote:
> On Wed January 30 2008, Stefan Seyfried wrote:
> 
> > If somebody managed to get a symlink where the logfile should be, you are
> > fscked. So I think this is less secure.
> 
> And what if somebody gets /usr/lib/pm-utils/bin/pm-action to be an arbitrary 
> binary? Then you are fscked, too.

But you might need to subvert another part of the system to accomplish this.
Being paranoid, it is always a good idea to at least make sure that there is
no symlink where you want to create your file. The easiest way to accomplish
this is to remove it before. If selinux cannot cope with that, that's a
selinux problem. Fix it there.

> I do not see the point, how changing the 
> logfile is easier than changing any other component of pm-utils.

It depends on what service you can get to act up. Additional paranoia is
always good. :-)

-- 
Stefan Seyfried
R&D Team Mobile Devices            |              "Any ideas, John?"
SUSE LINUX Products GmbH, Nürnberg | "Well, surrounding them's out." 

This footer brought to you by insane German lawmakers:
SUSE Linux Products GmbH, GF: Markus Rex, HRB 16746 (AG Nürnberg)
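
Added example, not part of the original message and not pm-utils code: a shell sketch of the remove-before-create approach discussed above, next to the plain redirection that follows a planted symlink. The function names, the log file name and the temporary directory are assumptions made for this illustration.

```shell
#!/bin/sh
# Illustration only: constructed paths and hypothetical function names.

# Naive: the redirection follows a symlink planted at $1 and
# truncates whatever file the symlink points to.
naive_logfile() {
    : > "$1"
}

# Hardened: remove whatever sits at the path first (rm unlinks the
# symlink itself, never its target), then create the file with
# noclobber set, so the create fails instead of following a link
# that reappears between the rm and the redirection.
init_logfile() {
    rm -f -- "$1" || return 1
    ( set -C; : > "$1" ) 2>/dev/null || return 1
    # Final check: a regular file, and not a symlink to one.
    [ -f "$1" ] && [ ! -L "$1" ]
}

# Constructed scenario: a symlink already sits where the log file
# should be. Runs the function named in $1 against it and prints
# what is left of the symlink's target afterwards.
run_scenario() {
    dir=$(mktemp -d) || return 1
    printf 'important\n' > "$dir/target"
    ln -s "$dir/target" "$dir/pm-suspend.log"
    "$1" "$dir/pm-suspend.log"
    cat "$dir/target"
    rm -rf -- "$dir"
}
```

`run_scenario naive_logfile` prints nothing because the target was truncated through the link; `run_scenario init_logfile` prints the target's content unchanged.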

