ec2-bundle-image and ec2-unbundle-image use single, static named fifo in /tmp

Bug #439788 reported by Scott Moser on 2009-10-01
This bug affects 1 person
Affects Status Importance Assigned to Milestone
ec2-ami-tools (Ubuntu)

Bug Description

Binary package hint: ec2-ami-tools

the ec2-bundle-image and ec2-unbundle-image tools make fifos in /tmp with names of ec2-bundle-image-digest and ec2-unbundle-image-digest respectively. This is potentially a security issue, and definitely it means that 2 processes can't be doing this at the same time.

The proposed patch attached uses random filename in /tmp for feeding to mkfifo. It also turns down the permissions on the fifo that is created using '--mode' flag to mkfifo.

Scott Moser (smoser) wrote :
Scott Moser (smoser) on 2009-10-02
Changed in ec2-ami-tools (Ubuntu):
assignee: Scott Moser (smoser) → nobody
Fabrice Coutadeur (fabricesp) wrote :


This patch makes sense.

Can you check with upstream his position on that?


Scott Moser (smoser) wrote :

I posted in the ec2 forum :
I'm not sure there is a better way to interact with the upstream in this case.

Scott Moser (smoser) wrote :

fix-released in 1.3-34544-0ubuntu3 .
Additionally, I got some feedback from a amazon developer indicating that they will include this in future releases.

Changed in ec2-ami-tools (Ubuntu):
status: Confirmed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers