[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: ✘gpsd release coming
|
From: |
Gary E. Miller |
|
Subject: |
Re: ✘gpsd release coming |
|
Date: |
Tue, 4 Aug 2020 11:30:27 -0700 |
Yo Bernd!
On Tue, 4 Aug 2020 19:08:51 +0200
Bernd Zeimetz <bernd@bzed.de> wrote:
> On 8/4/20 6:33 PM, Gary E. Miller wrote:
> > The algo is:
> >
> > Check in GPSD_HOME
> >
> > Check in current working directory
>
> This is a security risks, unless you add at least some extra
> measurements by checking if at least the owner is the same user as the
> one who is running the process at the moment.
Paches welcome.
> Otherwise some evil guy could talk root into runinng gpscat or
> whatever in /tmp, while having an enhanced libgpsdpacket lying around
> there.
Executable /tmp? Shame on you.
RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
gem@rellim.com Tel:+1 541 382 8588
Veritas liberabit vos. -- Quid est veritas?
"If you can't measure it, you can't improve it." - Lord Kelvin
pgptTv1zMDnes.pgp
Description: OpenPGP digital signature
- Re: ✘gpsd release coming, (continued)
- Re: ✘gpsd release coming, Gary E. Miller, 2020/08/03
- Re: ✘gpsd release coming, Fred Wright, 2020/08/03
- Re: ✘gpsd release coming, Gary E. Miller, 2020/08/04
- Re: ✘gpsd release coming, Greg Troxel, 2020/08/04
- Re: ✘gpsd release coming, Gary E. Miller, 2020/08/04
- Re: ✘gpsd release coming, Greg Troxel, 2020/08/04
- Re: ✘gpsd release coming, Gary E. Miller, 2020/08/04
- Re: ✘gpsd release coming, Bernd Zeimetz, 2020/08/04
- Re: ✘gpsd release coming, Gary E. Miller, 2020/08/04
- Re: ✘gpsd release coming, Bernd Zeimetz, 2020/08/04
- Re: ✘gpsd release coming,
Gary E. Miller <=
- ✘gpsd release today, Gary E. Miller, 2020/08/04
- Re: ✘gpsd release today, Bernd Zeimetz, 2020/08/04
- Re: ✘gpsd release today, Gary E. Miller, 2020/08/04
- ✘gpsd 3.21 is released, Gary E. Miller, 2020/08/04