[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Health-dev] [bug #58584] Various security issues for gnuhealth-cont
Re: [Health-dev] [bug #58584] Various security issues for gnuhealth-control
Sat, 20 Jun 2020 15:44:15 +0100
I have submitted some patches for GNU Health control, including some
recommendations from openSUSE security assessment.
Some notes that you might want to consider for the openSUSE version of
the GH control center:
* Keep in mind that the standard GNU Health installation
uses a non-privileged user ("gnuhealth"), so we don't use /var/run,
/var/log, or any system directory. In addition, all Python
dependencies are also installed locally, under $HOME/.local)
* The GNU Health update directory is static because we need to be able
to have the latest update in case of issues and take it from there. So
running in a pseudo-random directory or the use of mktemp is not
suitable for this scenario.
* To avoid some user in the same server creating a file with the same
location and name, thus preventing from running the backup, the new
GNU Health control will create the temporary lock and info files in
the gnuhealth HOME directory, so only the gnuhealth administrator
will be able to access those files.
* We are using the mktemp with the prefix directory (/tmp) included
(mktemp -d /tmp/gnuhealth-XXXX) . This makes it compatible with
* Please use mktemp and assign it to a local variable in the
"getlang" function scope. There is no need to create the directory in
contexts other than installation of a particular language.
* Finally, we now delete the temporary directory after language
installation process, regardless of the exit status.
The revision is at :
And the GH 3.6.4 raw file:
Thank you again for your time and very valuable recommendations!
Have a great weekend
Description: OpenPGP digital signature