[Ace-users] [tao-users] Default file mode when creating (the "-o" IFR option in particular)
Milan Cvetkovic
milan.cvetkovic at mpathix.com
Thu Feb 28 12:56:34 CST 2008
Jules Colding wrote:
> Hi,
>
> I'm using ACE and TAO x.6.2 to build Lorica(*) which is our IIOP
> Firewall project. It makes use of the IFR and will hand the "-o" option
> to it so that the IFR IOR gets written out to file.
>
> Unfortunately this file is created with mode 666. This makes it
> possible for a malicious user to edit the IOR file and hijack future
> IFR sessions.
>
> The file should obviously be created with mode 644. The attached patch
> naively fixes this but I think that we might need to look at how files
> are created throughout ACE and TAO to ensure that none are world writable.
>
> BTW, the patch is very traditional C'ish, sorry about that...
>
> Thoughts?
Maybe your umask is set wrong.
Try creating a file from shell:
$ touch myfile
$ ls -l myfile
>
>
> Best regards,
> jules
>
>
> *)
> http://www.42tools.com/sites/default/files/downloads/dist/lorica/SOURCES/lorica-0.9.2.tar.gz