openhpi2
commented
9 years ago - labels: --> Build System, OpenHPI Daemon
- assigned_to: dr_mohan
- Subsystem: OpenHPI Daemon --> Build System
Original comment by: dr_mohan
Closed openhpi2 closed 8 years ago
openhpi2
commented
9 years ago Original comment by: dr_mohan
openhpi2
commented
9 years ago Thanks Rafael for filing the bug and supplying the patch.
Original comment by: dr_mohan
openhpi2
commented
9 years ago Original comment by: dr_mohan
openhpi2
commented
9 years ago Fixed with checkin #7638
Original comment by: dr_mohan
from openhpi/Makefile.am (line 134): $(mkinstalldirs) $(DESTDIR)$(VARPATH) chmod 777 $(DESTDIR)$(VARPATH)
An attacker could use the /var/lib/openhpi directory to fill up the storage hosting the /var/lib/ directory if quotas are not properly set.
If you have the /var/lib/openhpi dir already on your system, no modifications are made. So you need to delete it before trying installing again to reproduce the issue.
The attached patch fix the dir permissions on creation.
Reported by: rdossant