TUCoPS :: Unix :: General :: a6139.htm

xfsdump insecure file creation
14th Apr 2003 [SBWID-6139]
COMMAND

	xfsdump insecure file creation

SYSTEMS AFFECTED

	versions prior to 2.2.8

PROBLEM

	As reported in Debian Security Advisory DSA 283-1:
	
	Ethan  Benson  discovered  a   problem   in   xfsdump,   that   contains
	administrative utilities for the XFS filesystem. When filesystem  quotas
	are enabled xfsdump runs xfsdq to save  the  quota  information  into  a
	file at the root of the filesystem being dumped.  The  manner  in  which
	this file is created is unsafe.
	
	While fixing this, a new option ``-f path'' has been added  to  xfsdq(8)
	to specify an output file instead of using the standard  output  stream.
	This file is created by xfsdq and xfsdq will fail to run  if  it  exists
	already. The file is also created with  a  more  appropriate  mode  than
	whatever the umask happened to be when xfsdump(8) was run.

SOLUTION

	upgrade to the latest available in your distribution / at your vendor.

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH