Hi Roland,

you did not handle this RC bug and hence ConVirt is not part of Lenny… it's a pity as XenMan used to be part of Etch.

There's a new upstream release out and they claim to have done "Critical bugfixes", maybe it's related?

Please take care of the package or find some help to maintain it.

Cheers,

On Wed, 27 Aug 2008, Thijs Kinkhorst wrote:
> tags 496419 confirmed
> thanks
>
> Hi,
>
> A simple grep revealed a lot of tempfile issues here, see below. As far as I
> understand it, the code runs as root. This makes the issue quite serious.
> Please make sure this is fixed before lenny is released.
>
> As several different temp files are used insecurely, it may be better to
> create a separate, private working directory for the program where it may
> store all those files at will.
>
>
> cheers,
> Thijs
>
> ./config-scripts/xen-3.2/configure-xend.sh: cat <<EOF > /tmp/open_ssl.res
> ./config-scripts/xen-3.2/configure-xend.sh: $OPENSSL req -new -key $KEY -out $CSR < /tmp/open_ssl.res
> ./config-scripts/xen-3.2/configure-xend.sh: rm /tmp/open_ssl.res
> ./config-scripts/xen-3.1/configure-xend.sh: cat <<EOF > /tmp/open_ssl.res
> ./config-scripts/xen-3.1/configure-xend.sh: $OPENSSL req -new -key $KEY -out $CSR < /tmp/open_ssl.res
> ./config-scripts/xen-3.1/configure-xend.sh: rm /tmp/open_ssl.res
> ./src/utils.py: updates_file = "/tmp/updates.xml"
> ./src/utils.py: dir="/tmp")
> ./src/utils.py: TEST_CONFIGFILE = '/tmp/convirt.conf'
> ./src/XenNode.py: dom_config.save("/tmp/test_config")
> ./src/XenNode.py: newcfg.set_filename("/tmp/Txx")
> ./src/XenNode.py: f = managed_node.node_proxy.open("/tmp/Txx")
> ./src/XenNode.py: print "### read config from /etc/xen/auto and write them to /tmp"
> ./src/XenNode.py: d.save("/tmp/" + f)
> ./src/NodeProxy.py: node.put("/tmp/send", "/tmp/send_r")
> ./src/NodeProxy.py: node.get("/tmp/send_r", "/tmp/received")
> ./src/NodeProxy.py: fd = node.open('/tmp/test_writable','w')
> ./src/NodeProxy.py: print 'exists?: ',node.file_exists('/tmp/test_writable')
> ./src/NodeProxy.py: print 'isWritable?: ', node.file_is_writable('/tmp/test_writable')
> ./src/NodeProxy.py: node.remove('/tmp/test_writable')
> ./src/NodeProxy.py: print 'exists?: ', node.file_exists('/tmp/test_writable')
> ./src/NodeProxy.py: node.mkdir("/tmp/node_test")
> ./src/NodeProxy.py: w = node.open("/tmp/node_test/test", "w")
> ./src/NodeProxy.py: r = node.open("/tmp/node_test/test")
> ./src/NodeProxy.py: node.remove("/tmp/node_test/test")
> ./src/NodeProxy.py: node.rmdir("/tmp/node_test")
> ./src/NodeProxy.py: output,code = node.exec_cmd('find /tmp')
> ./src/NodeProxy.py: output,code = node.exec_cmd('junk /tmp')
> ./src/GridManager.py: dir="/tmp")
> ./src/KVMProxy.py: cmdline = cmdline + " -monitor unix:/tmp/" + config.get("name") + \
> ./src/KVMProxy.py: config["monitor"] = "unix:/tmp/xyz"

-- 
Raphaël Hertzog

The French best-seller updated for Debian Etch:
http://www.ouaza.com/livre/admin-debian/
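
Added example, not part of the original messages and not ConVirt's own code: a Python 3 sketch of the private working directory suggested in the quoted report, with the fixed-name pattern from the grep hits next to a hardened writer. The function names and the "convirt-" prefix are assumptions made for illustration.

```python
import os
import stat
import tempfile


def insecure_save(shared_dir, name, data):
    """Pattern from the grep hits: fixed name in a world-writable directory.
    open(..., "w") follows whatever already sits at that path."""
    path = os.path.join(shared_dir, name)
    with open(path, "w") as fh:
        fh.write(data)
    return path


def make_workdir(prefix="convirt-"):
    """Private working directory: mkdtemp picks an unpredictable name and
    creates the directory with mode 0700, owned by the calling user."""
    return tempfile.mkdtemp(prefix=prefix)


def secure_save(workdir, name, data):
    """Create a brand-new file inside the private directory, never reuse one."""
    st = os.lstat(workdir)  # lstat: a symlink to a directory is rejected too
    if (not stat.S_ISDIR(st.st_mode) or st.st_uid != os.geteuid()
            or st.st_mode & 0o077):
        raise PermissionError("work dir is not private: %s" % workdir)
    if os.path.basename(name) != name or name in ("", ".", ".."):
        raise ValueError("plain file name expected: %r" % name)
    path = os.path.join(workdir, name)
    # O_EXCL fails if a file or symlink already exists at path;
    # O_NOFOLLOW is a second guard. Mode 0600 keeps the content private.
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW
    fd = os.open(path, flags, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(data)
    return path


if __name__ == "__main__":
    wd = make_workdir()
    # Constructed sample content standing in for the update list.
    print(secure_save(wd, "updates.xml", "<updates/>"))
```

The caller owns cleanup of the directory (for example `shutil.rmtree` on exit); the sketch leaves that out to stay focused on creation.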