Comment 13 for bug 1174608
Revision history for this message
| Robert Clark (robert-clark) wrote Re: Insecure directory creation for signing | #13 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
bbfa235
(Get the code!)
I think ttx describes the the issue with the fix quite well, TOCTOU is tricky.
I'd be inclined to go with either the first option, subdir in a known-safe location - where known safe really seems to mean: 'if this is screwed, everything screwed anyway'.
Or go with the second option, putting this in the hands of deployers. If the second option was preferable I'd be happy to cut an OSSN for the issue.