FW: New DST Rules for 2007

Ken Pizzini tz. at explicate.org
Tue Feb 27 21:46:12 UTC 2007


> I'm forwarding this message form Bryan O'Neill, who is not on the time
> zone mailing list.

[...]
> I asked a question on linuxquestions.org about what exact commands I
> would need to install your patch that will update the new DST rules on
> my RH 8.0 pc.  One guy responded with the following:
[snip]
>   Do you see anything there that may create something
> malcious or unsecure?

I decided not to bore the whole list with the fairly detailed
response I mailed to Bryan, but figured I'd leave a briefer
synopsis here for the archives:
  * While I don't know about 8.0 specifically, I do know that
    repositories for some other Red Hat releases are up-to-date
    enough that a simple "yum update tzdata" would probably
    a better solution for the Bryan's stated goals.

  * The code quoted was not malicious, nor inherently insecure
    (there are some circumstances where security
    problems might arise, such as a compromised tzcode tarball
    being downloaded, but these are issues outside the scope
    of what the given code snippet can be expected to address).
    Furthermore, though I do have some quibbles with the
    code as not setting the best example in quality (using
    several commands where a smaller number of simple ones
    would have sufficed), it *is* written with saftey in mind:
    it takes pains to "exit" whenever something might not
    work as planned, rather than risk falling through and
    potentially doing damage.

  * The code snippet installs to the tzcode default of
    /usr/local/zoneinfo, which is wrong for the goal of
    ensuring that the *system* will use the new rules.
    If recompiling from source (as opposed to using a newer
    rpm) is desired, editing the TOPDIR setting in the
    makefile (or setting it on the "make" command-line)
    is needed.


		--Ken Pizzini



More information about the tz mailing list