[Pm-utils] some simple patches from fedora
seife at suse.de
Wed Jan 30 02:41:47 PST 2008
On Sun, Dec 23, 2007 at 11:33:52PM +0100, Till Maas wrote:
> here are some patches from Fedora that work on cvs HEAD, I guess the cfg patch
> is known by everyone and the manpage typo is also pretty obvious. The logfile
> patch is required on systems that use selinux. When the logfile is deleted,
> the selinux context is lost. Therefore the patch changes pm-utils not to
> remove the logfile.
If somebody managed to get a symlink where the logfile should be, you are fscked.
So i think this is less secure.
> There is no need to remove the logfile, because the ">" after exec in the next line
> already truncates the logfile to zero length. Also removing is wrong, because it
What it $PM_LOGFILE is a symlink to /etc/passwd?
> destroys the selinux context of the logfile. Bugzilla Reports:
Then fix selinux. No need to make pm-utils insecure.
R&D Team Mobile Devices | "Any ideas, John?"
SUSE LINUX Products GmbH, Nürnberg | "Well, surrounding them's out."
This footer brought to you by insane German lawmakers:
SUSE Linux Products GmbH, GF: Markus Rex, HRB 16746 (AG Nürnberg)
More information about the Pm-utils