Please do not reply directly to this email. All additional comments should be made in the comments box of this bug.
https://bugzilla.redhat.com/show_bug.cgi?id=756179
--- Comment #2 from Jim Meyering meyering@redhat.com 2011-11-23 05:40:06 EST ---

I'll be afk for a while soon, and probably won't be back before 4pm (10am your time), but here's some initial feedback:
I noticed that this code uses /tmp/audrey as a "STORAGE_DIR",
src/config.ru:storage_dir = ENV['STORAGE_DIR'] || '/tmp/audrey'
described as:
# Directory where aeolus-configserver stores the instance configrations
First, that's a typo: s/configrations/configurations/
More importantly, I don't see anything that guarantees /tmp/audrey has been created by us and that it isn't writable by others. Sounds risky to use a hard-coded name like that. What if someone else has already created it?
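
The check this comment asks for, as an added Ruby example (not part of the bug comment or of aeolus-configserver): create the directory ourselves with mode 0700, and if the name already exists, accept it only when it is a real directory owned by our uid and not writable by group or others. The helper name ensure_private_dir and the UnsafeStorageDir error class are hypothetical.

```ruby
require 'tmpdir'

# Hypothetical error class for this example.
class UnsafeStorageDir < StandardError; end

# Hypothetical helper: return +path+ only if it is a directory that we own
# and that nobody else can write to; raise UnsafeStorageDir otherwise.
def ensure_private_dir(path)
  begin
    # mkdir fails with EEXIST if anything (directory, file, symlink) already
    # has this name, so success means we created it, private from the start.
    Dir.mkdir(path, 0700)
  rescue Errno::EEXIST
    # Someone (maybe us, maybe not) created it earlier: verify it below.
  end

  st = File.lstat(path) # lstat: do not follow a symlink planted at this name
  raise UnsafeStorageDir, "#{path} is not a directory" unless st.directory?
  unless st.uid == Process.euid
    raise UnsafeStorageDir, "#{path} is owned by uid #{st.uid}, not by us"
  end
  unless (st.mode & 0022).zero?
    raise UnsafeStorageDir, "#{path} is writable by group or others"
  end
  path
end

# Assumed use in src/config.ru (not the project's actual code):
#   storage_dir = ensure_private_dir(ENV['STORAGE_DIR'] || '/tmp/audrey')

if __FILE__ == $0
  # Constructed demo in a scratch directory instead of the real /tmp/audrey.
  Dir.mktmpdir do |base|
    puts "created:  #{ensure_private_dir(File.join(base, 'audrey'))}"

    squatted = File.join(base, 'squatted')
    Dir.mkdir(squatted)
    File.chmod(0777, squatted) # simulates a directory others can write to
    begin
      ensure_private_dir(squatted)
    rescue UnsafeStorageDir => e
      puts "rejected: #{e.message}"
    end
  end
end
```
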