[Ace-users] [tao-users] Default file mode when creating (the "-o" IFR option in particular)
Douglas C. Schmidt
schmidt at dre.vanderbilt.edu
Thu Feb 28 09:58:21 CST 2008
Hi Folks,
We should definitely use ACE_DEFAULT_FILE_PERMS. Jeff, can you
please update this stuff when you have a chance?
Thanks,
Doug
> Isn't it better to use ACE_DEFAULT_FILE_PERMS as flag? That is 644 by
> default. Also NULL is not portable and shouldn't be used. Can you rework the
> patch to make it more an ACE patch?
>
> Johnny
>
> "Jules Colding" <colding at 42tools.com> wrote in message
> news:<mailman.3783.1204210788.5286.tao-users at mail.cse.wustl.edu>...
> > Hi,
> >
> > I'm using ACE and TAO x.6.2 to build Lorica(*) which is our IIOP
> > Firewall project. It makes use of the IFR and will hand the "-o"
> > option to it so that the IFR IOR gets written out to file.
> >
> > Unfortunately this file is created with mode 666. This makes it
> > possible for a malicious user to edit the IOR file and hijack future
> > IFR sessions.
> >
> > The file should obviously be created with mode 644. The attached patch
> > naively fixes this but I think that we might need to look at how files
> > are created throughout ACE and TAO to ensure that none are world
> > writable.
> >
> > BTW, the patch is very traditional C'ish, sorry about that...
> >
> > Thoughts?
> >
> >
> > Best regards,
> > jules
> >
> >
> > *)
> > http://www.42tools.com/sites/default/files/downloads/dist/lorica/SOURCES/lorica-0.9.2.tar.gz
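The file-mode issue raised in this thread, as an added POSIX C example that is not from the thread, the attached patch, or ACE/TAO: a file created `fopen()`-style requests 0666 and ends up world-writable whenever the process umask is permissive, while an explicit creation mode yields 644 regardless. The helper names, file names and sample IOR string are constructed, and that the IOR file is created `fopen()`-style is an assumption.

```c
/* Added example, not ACE/TAO code; helper and file names are hypothetical. */
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Permission bits of path, or -1 on error. */
int file_mode(const char *path)
{
    struct stat st;
    return stat(path, &st) == 0 ? (int)(st.st_mode & 07777) : -1;
}

/* Weak: fopen() requests 0666 and leaves the final mode to the umask. */
int write_ior_fopen(const char *path, const char *ior)
{
    FILE *f;
    unlink(path);                       /* start from a fresh file */
    f = fopen(path, "w");
    if (f == NULL)
        return -1;
    fputs(ior, f);
    return fclose(f) == 0 ? file_mode(path) : -1;
}

/* Hardened: explicit mode; O_EXCL refuses a pre-existing file or symlink. */
int write_ior_mode(const char *path, const char *ior, mode_t mode)
{
    size_t len = strlen(ior);
    int fd, ok;
    unlink(path);
    fd = open(path, O_WRONLY | O_CREAT | O_EXCL, mode);
    if (fd < 0)
        return -1;
    ok = write(fd, ior, len) == (ssize_t)len;
    return (close(fd) == 0 && ok) ? file_mode(path) : -1;
}

int main(void)
{
    const char *ior = "IOR:constructed-sample\n"; /* constructed, not a real IOR */
    umask(0);  /* permissive environment, e.g. a daemon that cleared its umask */
    printf("fopen:           %04o\n", (unsigned)write_ior_fopen("ifr_fopen.ior", ior));
    printf("open(..., 0644): %04o\n", (unsigned)write_ior_mode("ifr_open.ior", ior, 0644));
    return 0;
}
```

With the common umask of 022 both functions produce 644, which is why the weak variant tends to go unnoticed until the process runs with a cleared umask.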