
This queue is for tickets about the Message-Passing-ZeroMQ CPAN distribution.

Report information
The Basics
Id: 89043
Status: new
Priority: 0/
Queue: Message-Passing-ZeroMQ

People
Owner: Nobody in particular
Requestors: dr [...] jones.dk
Cc:
AdminCc:

Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)



From jonas [...] jones.dk Mon Sep 30 05:15:05 2013
MIME-Version: 1.0
X-Spam-Status: No, score=-6.233 tagged_above=-99.9 required=10 tests=[AWL=0.665, BAYES_00=-1.9, MIME_QP_LONG_LINE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_FAIL=0.001] autolearn=ham
Content-Disposition: inline
X-Spam-Flag: NO
Message-ID: <20130930091432.4370.5383 [...] bastian.jones.dk>
Content-Type: multipart/signed; boundary="===============5501962844922558213=="; micalg="pgp-sha1"; protocol="application/pgp-signature"
X-Virus-Scanned: Debian amavisd-new at bestpractical.com
X-Spam-Score: -6.233
Delivered-To: cpan-bug+message-passing-zeromq [...] hipster.bestpractical.com
Subject: predictable files in /tmp
User-Agent: alot/0.3.5
Return-Path: <jonas [...] jones.dk>
X-RT-Mail-Extension: message-passing-zeromq
X-Original-To: cpan-bug+message-passing-zeromq [...] hipster.bestpractical.com
X-Spam-Check-BY: la.mx.develooper.com
Date: Mon, 30 Sep 2013 11:14:32 +0200
X-Spam-Level:
To: bug-message-passing-zeromq [...] rt.cpan.org
From: Jonas Smedegaard <dr [...] jones.dk>
X-RT-Interface: Email
Content-Length: 0
MIME-Version: 1.0
content-type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-RT-Original-Encoding: utf-8
Content-Length: 1039
Hi,

I noticed your recent fix for ØMQ bug#140 changing to /tmp if ZMQ_SWAP is enabled.

That makes me worry: does that mean ØMQ creates predictable files in a shared writable directory?

If so, I'd say that's a bug: It is common practice to chdir to root dir before starting daemons - AFAIUI not only to ensure the path does not disappear while daemon is running, but also to ensure CWD is not writable - exactly to avoid surprise security weaknesses like this.

Unless ØMQ only does a silly check for writability (i.e. does not actually write any files to CWD), I suggest to _not_ do a chdir, but instead do a check for write access on our own and fail with a human understandable error if not - hinting about the need for CWD to be writable (and recommending to use a _private_ writable dir if the system has any untrusted users).

Regards,

 - Jonas

--
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136 Website: http://dr.jones.dk/

 [x] quote me freely [ ] ask before reusing [ ] keep private
Content-Description: signature
MIME-Version: 1.0
Content-Type: application/pgp-signature; charset="us-ascii"; name="signature.asc"
Content-Transfer-Encoding: 7bit
X-RT-Original-Encoding: ascii
Content-Length: 490
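
The check the report asks for, as an added Perl example (not code from Message-Passing-ZeroMQ or from the reporter): verify the working directory instead of changing to /tmp, and fail with a readable message. It assumes the process writes files into its working directory; `check_swap_dir`, `require_private_cwd`, `private_swap_dir` and the `mp-zeromq-` template are hypothetical names.

```perl
#!/usr/bin/perl
# Added example; the sub names and the temp-dir template are hypothetical.
use strict;
use warnings;
use Cwd qw(getcwd);
use Fcntl qw(:mode);
use File::Spec;
use File::Temp qw(tempdir);

# Return the reasons $dir is unsuitable as the working directory of a
# process that writes files into it; an empty list means acceptable.
sub check_swap_dir {
    my ($dir) = @_;
    my @st = stat($dir)
        or return ("cannot stat '$dir': $!");
    my ($mode, $uid) = @st[2, 4];
    my @problems;
    push @problems, "'$dir' is not a directory" unless S_ISDIR($mode);
    push @problems, "'$dir' is not writable by uid $>" unless -w $dir;
    # Group- or world-writable (as /tmp is): another local user can
    # create a file or symlink there under a name they can predict.
    push @problems, "'$dir' is writable by group or others"
        if $mode & (S_IWGRP | S_IWOTH);
    push @problems, "'$dir' is owned by uid $uid, not by uid $>"
        unless $uid == $>;
    return @problems;
}

# What a daemon would call at start-up in place of chdir('/tmp').
sub require_private_cwd {
    my @problems = check_swap_dir(getcwd()) or return 1;
    die "ZMQ_SWAP needs a private, writable working directory:\n"
      . join('', map { "  - $_\n" } @problems)
      . "Start the process from a directory only its own user can write to.\n";
}

# A fresh directory for this user only: File::Temp creates it with
# mode 0700 and a random name, and removes it at exit (CLEANUP).
sub private_swap_dir {
    return tempdir('mp-zeromq-XXXXXXXX', TMPDIR => 1, CLEANUP => 1);
}

# Demonstration: the shared temp directory versus a private one.
for my $dir (File::Spec->tmpdir, private_swap_dir()) {
    my @problems = check_swap_dir($dir);
    print @problems
        ? "REJECT $dir\n" . join('', map { "  - $_\n" } @problems)
        : "OK     $dir\n";
}
```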


