juju upstart scripts (ab)use predictably named files in /tmp

Bug #1135641 reported by James Troup
This bug affects 1 person

Bug Description

| ubuntu@juju-prodstack-pes-r2-instance-1:~$ grep /tmp /etc/init/juju-machine-agent.conf
| exec python -m juju.agents.machine --nodaemon --logfile /var/log/juju/machine-agent.log --session-file /var/run/juju/machine-agent.zksession >> /tmp/juju-machine-agent.output 2>&1
| ubuntu@juju-prodstack-pes-r2-instance-1:~$

Even if YAMA stops this from being actively exploitable, it's still
not a good idea to use predictably named files in a shared
world-writable resource like /tmp.

Changed in juju:
milestone: none → 0.8
Curtis Hovey (sinzui)
Changed in juju:
importance: Undecided → Low
status: New → Triaged
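
The following is an added example, not part of the bug report or of juju's own code: a shell function that audits upstart job files for fixed paths under shared world-writable directories, the pattern the report describes. The function name `find_tmp_paths` is hypothetical, and checking /var/tmp and /dev/shm in addition to /tmp goes beyond the case in the report.

```shell
#!/bin/sh
# Added example: list fixed paths under shared world-writable directories
# that appear in upstart job files. Output format: file:line:path

find_tmp_paths() {
    # $1: directory holding upstart jobs (defaults to /etc/init)
    jobdir=${1:-/etc/init}
    for job in "$jobdir"/*.conf; do
        [ -f "$job" ] || continue
        awk -v job="$job" '
            BEGIN {
                # A path rooted in a directory any local user can write to.
                re = "(/var/tmp|/dev/shm|/tmp)/[^ \t;|&<>\"]+"
            }
            /^[ \t]*#/ { next }                 # ignore comment lines
            {
                rest = $0
                while (match(rest, re)) {
                    prev = (RSTART > 1) ? substr(rest, RSTART - 1, 1) : " "
                    # Skip hits that are the tail of a longer path (/srv/tmp/x).
                    if (prev !~ "[A-Za-z0-9_./-]")
                        printf "%s:%d:%s\n", job, NR, substr(rest, RSTART, RLENGTH)
                    rest = substr(rest, RSTART + RLENGTH)
                }
            }' "$job"
    done
}

# Run against the live job directory, or a directory given as the argument.
find_tmp_paths "${1:-/etc/init}"
```

Each reported path is a candidate for relocation to a directory that only the service account can write to, such as the /var/log/juju directory the same job already uses for its log file.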