> > > > Pavel, the problem here is your fundamental distrust.
> > > By giving me binary-only installer you ask me to trust you. You ask me
> > > to trust you without good reason [it only generates .tar.gz and
> > > shellscript, why should it be binary? Was not shar designed to handle
> > > that?], and that's pretty suspect.
> >
> > Bitmover doing anything remotely suspect in an executable installer
> > would be commercial suicide, do you distrust realplayer too?
>
> And all our installer does, and I will give you the code if you want it,
> I'd be happy to even have Pavel audit it, is make two arrays,
Okay, you wanted audit ;-).
> main()
> {
> char installer_name[200];
> char data_name[200];
> char cmd[2048];
> int fd;
>
> fprintf(stderr, "Please wait while we unpack the installer...");
> sprintf(installer_name, "/tmp/installer%d", getpid());
> fd = creat(installer_name, 0777);
If nasty user on same system creates symlink (ln -s /etc/passwd
/tmp/installer123), he may overwrite any file on the system. You probably want
fd = open(installer_name, O_WRONLY | O_TRUNC | O_CREAT | O_EXCL, 0755);
Same goes for data.
Pavel
-- Casualities in World Trade Center: ~3k dead inside the building, cryptography in U.S.A. and free speech in Czech Republic. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/