14th Apr 2003 [SBWID-6139]
COMMAND
	xfsdump insecure file creation
SYSTEMS AFFECTED
	versions prior to 2.2.8
PROBLEM
	As reported in Debian Security Advisory DSA 283-1:
	Ethan  Benson  discovered  a   problem   in   xfsdump,   that   contains
	administrative utilities for the XFS filesystem. When filesystem  quotas
	are enabled xfsdump runs xfsdq to save  the  quota  information  into  a
	file at the root of the filesystem being dumped.  The  manner  in  which
	this file is created is unsafe.
	While fixing this, a new option ``-f path'' has been added  to  xfsdq(8)
	to specify an output file instead of using the standard  output  stream.
	This file is created by xfsdq and xfsdq will fail to run  if  it  exists
	already. The file is also created with  a  more  appropriate  mode  than
	whatever the umask happened to be when xfsdump(8) was run.
SOLUTION
	upgrade to the latest available in your distribution / at your vendor.