Closed
Bug 190188
Opened 22 years ago
Closed 18 years ago
checksetup.pl doesn't check file permissions before open(), nor does it check the return value of open()
Categories
(Bugzilla :: Installation & Upgrading, defect)
Bugzilla
Installation & Upgrading
Tracking
()
RESOLVED
FIXED
Bugzilla 3.0
People
(Reporter: jon, Assigned: mkanat)
References
Details
(Whiteboard: [fixed by blocker])
Attachments
(1 file)
|
748 bytes,
text/plain
|
Details |
User-Agent: Mozilla/5.0 Galeon/1.2.7 (X11; Linux i686; U;) Gecko/20021203
Build Identifier: Mozilla/5.0 Galeon/1.2.7 (X11; Linux i686; U;) Gecko/20021203
After i updated my cvs tree to HEAD, i noticed checksetup.pl was broken. i got
several "print to closed filehandle" errors. i found the errors and corrected
them. i'll attach a patch after i submit this bug.
Reproducible: Always
Steps to Reproduce:
1.chmod localconfig 444
2. ./checksetup.pl
Actual Results:
perl errors ("print on closed filehandle at ./checksetup.pl, line 385).
Expected Results:
not spit out errors.
|
Reporter | |
Comment 1•22 years ago
|
||
|
||
Comment 2•22 years ago
|
||
-> patch author
Assignee: zach → jon
Status: UNCONFIRMED → NEW
Ever confirmed: true
OS: Linux → All
Hardware: PC → All
Target Milestone: --- → Bugzilla 2.18
|
||
Comment 3•22 years ago
|
||
Comment on attachment 112333 [details] patch to fix broken use of open() at line 385 >- open FILE, '>>localconfig'; >+ if (-e 'localconfig' and not -W 'localconfig') { >+ chmod('0644','localconfig'); >+ } >+ open FILE, '>>localconfig' or die "Couldn't write to localconfig: $!"; I'm not so crazy about chmoding localconfig as 644 (according to a landfill install, it's 640 by default). It seems likely to introduce a security hole down the line if there is a bug in the chmod'ing section of checksetup. How about we just add the die statement to open (I should add a test to check for die calls on all calls to open) and include something in the error message to the effect that it would be a good idea to ensure that the user running checksetup can write to localconfig.
|
||
Comment 4•20 years ago
|
||
Unloved bugs targetted for 2.18 but untouched since 9-15-2003 are being retargeted to 2.20 If you plan to act on one immediately, go ahead and pull it back to 2.18.
Target Milestone: Bugzilla 2.18 → Bugzilla 2.20
|
Assignee | |
Comment 5•19 years ago
|
||
This bug has not been touched by its owner in over six months, even though it is targeted to 2.20, for which the freeze is 10 days away. Unsetting the target milestone, on the assumption that nobody is actually working on it or has any plans to soon. If you are the owner, and you plan to work on the bug, please give it a real target milestone. If you are the owner, and you do *not* plan to work on it, please reassign it to nobody@bugzilla.org or a .bugs component owner. If you are *anybody*, and you get this comment, and *you* plan to work on the bug, please reassign it to yourself if you have the ability.
Target Milestone: Bugzilla 2.20 → ---
|
|
Reporter | |
Comment 6•19 years ago
|
||
sorry, didn't realize this was assigned to me. my bugzilla.vmware.com tree hasn't been sync'd since 2.17.4, so i'm not the right person to work on this.
Assignee: jon → nobody
|
||
Updated•18 years ago
|
QA Contact: mattyt-bugzilla → default-qa
|
|
Assignee | |
Comment 7•18 years ago
|
||
I've fixed all these instances as part of the various blockers to the "reorganize checksetup" bug.
|
|
Assignee | |
Updated•18 years ago
|
Status: NEW → RESOLVED
Closed: 18 years ago
Resolution: --- → FIXED
Target Milestone: --- → Bugzilla 3.0
|
|
Assignee | |
Comment 8•18 years ago
|
||
*** Bug 122110 has been marked as a duplicate of this bug. ***
You need to log in
before you can comment on or make changes to this bug.
Description
•