[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Health-dev] [bug #58584] Various security issues for gnuhealth-cont

From: Luis Falcon
Subject: Re: [Health-dev] [bug #58584] Various security issues for gnuhealth-control
Date: Sat, 20 Jun 2020 15:44:15 +0100

Dear all

I have submitted some patches for GNU Health control, including some 
recommendations from openSUSE security assessment.
Some notes that you might want to consider for the openSUSE version of
the GH control center:

* Keep in mind that the standard GNU Health installation
  uses a non-privileged user ("gnuhealth"), so we don't use /var/run,
  /var/log, or any system directory. In addition, all Python
  dependencies are also installed locally, under $HOME/.local)

* The GNU Health update directory is static because we need to be able
  to have the latest update in case of issues and take it from there. So
  running in a pseudo-random directory or the use of mktemp is not
  suitable for this scenario. 

* To avoid some user in the same server creating a file with the same
  location and name, thus preventing from running the backup, the new
  GNU Health control will create the temporary lock and info files in
  the gnuhealth HOME directory, so only the gnuhealth administrator
  will be able to access those files.

* We are using the mktemp with the prefix directory (/tmp) included
  (mktemp -d /tmp/gnuhealth-XXXX) . This makes it compatible with

* Please use mktemp and assign it to a local variable in the
  "getlang" function scope. There is no need to create the directory in
  contexts other than installation of a particular language.

* Finally, we now delete the temporary directory after language
  installation process, regardless of the exit status.

The revision is at : 

And the GH 3.6.4 raw file:

Thank you again for your time and very valuable recommendations!

Have a great weekend

Attachment: pgpCMVM7RBfNx.pgp
Description: OpenPGP digital signature

reply via email to

[Prev in Thread] Current Thread [Next in Thread]