Full_Name: Chris Zagar Version: 2.4.48 OS: Linux URL: Submission from: (NULL) (68.98.212.84) /build/mkdep contains this line: TMP=/tmp/mkdep$$ that forces the use of the /tmp directory. The /tmp directory is vulnerable to race conditions. The rest of OpenLDAP obeys the TMPDIR environment variable if it exists as a mitigation to this risk. Would you please consider changing this to: TMP=${TMPDIR-/tmp}/mkdep$$ so this will obey TMPDIR as well? Thank you. Chris Zagar zagarc@oclc.org
changed notes changed state Open to Test moved from Incoming to Build
--On Sunday, August 11, 2019 7:34 PM +0000 zagarc@oclc.org wrote: > Would you please consider changing this to: > > TMP=${TMPDIR-/tmp}/mkdep$$ Thanks for the report, this is fixed in OpenLDAP master. Regards, Quanah -- Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: <http://www.symas.com>
Thank you! Chris From: Quanah Gibson-Mount <quanah@symas.com> Sent: Tuesday, August 13, 2019 8:06 AM To: Zagar (Contractor),Chris <zagarc@oclc.org>; openldap-its@OpenLDAP.org Subject: [External] Re: (ITS#9062) Please have /build/mkdep respect TMPDIR if set --On Sunday, August 11, 2019 7:34 PM +0000 zagarc@oclc.org<mailto:zagarc@oclc.org> wrote: > Would you please consider changing this to: > > TMP=${TMPDIR-/tmp}/mkdep$$ Thanks for the report, this is fixed in OpenLDAP master. Regards, Quanah -- Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: <http://www.symas.com<http://www.symas.com>>
changed notes changed state Test to Release
Fixed in master Fixed in RE24 (2.4.49)
changed notes changed state Release to Closed