[Ace-users] [tao-users] Default file mode when creating (the "-o" IFR option in particular)
j.parsons at vanderbilt.edu
Thu Feb 28 13:02:20 CST 2008
Regardless, I'm close to checking in changes that will create the
file with ACE_DEFAULT_FILE_PERMS.
> -----Original Message-----
> From: tao-users-bounces at cse.wustl.edu
> [mailto:tao-users-bounces at cse.wustl.edu] On Behalf Of Milan Cvetkovic
> Sent: Thursday, February 28, 2008 12:57 PM
> To: Jules Colding
> Cc: TAO users
> Subject: Re: [tao-users] Default file mode when creating (the
> "-o" IFR option in particular)
> Jules Colding wrote:
> > Hi,
> > I'm using ACE and TAO x.6.2 to build Lorica(*) which is our IIOP
> > Firewall project. It makes use of the IFR and will hand the
> "-o" option
> > to it so that the IFR IOR gets written out to file.
> > Unfortunately this file is created with mode 666. This makes it
> > possible for a malicious user to edit the IOR file and
> highjack future
> > IFR sessions.
> > The file should obviously be created with mode 644. The
> attached patch
> > naively fixes this but I think that we might need to look
> at how files
> > are created throughout ACE and TAO to ensure that none are
> world writable.
> > BTW, the patch is very traditional C'ish, sorry about that...
> > Thoughts?
> Maybe your umask is set wrong.
> Try creating a file from shell:
> $ touch myfile
> $ ls -l myfile
> > Best regards,
> > jules
> > *)
> > _______________________________________________
> > tao-users mailing list
> > tao-users at mail.cse.wustl.edu
> > http://mail.cse.wustl.edu/mailman/listinfo/tao-users
> tao-users mailing list
> tao-users at mail.cse.wustl.edu
More information about the Ace-users