master - rgmanager: move nfsclient.sh cache files where they belong

["Fabio M. Di Nitto" <fabbione at fedoraproject dot org>]

Gitweb:        http://git.fedorahosted.org/git/cluster.git?p=cluster.git;a=commitdiff;h=5c54fe5c5c288519b187b11289c9c2cf9db59353
Commit:        5c54fe5c5c288519b187b11289c9c2cf9db59353
Parent:        6c4fcfc77a0daf61918c5efbab42edb8aa26b749
Author:        Fabio M. Di Nitto <fdinitto@redhat.com>
AuthorDate:    Wed Oct 22 10:10:08 2008 +0200
Committer:     Fabio M. Di Nitto <fdinitto@redhat.com>
CommitterDate: Wed Oct 22 10:10:08 2008 +0200

rgmanager: move nfsclient.sh cache files where they belong

by using a static path to /tmp, the operation can be used to trigger
a local DoS by a normal user.

Move the cache files to /var/cache/cluster that's owned by root and
doesn't allow normal users to play with it.

Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>
---
 rgmanager/src/resources/nfsclient.sh |    7 +++++--
 1 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/rgmanager/src/resources/nfsclient.sh b/rgmanager/src/resources/nfsclient.sh
index 7cc9399..a526cca 100644
--- a/rgmanager/src/resources/nfsclient.sh
+++ b/rgmanager/src/resources/nfsclient.sh
@@ -349,12 +349,15 @@ status|monitor)
 	# Don't let anyone read the cache files.
 	#
 	umask 066
+
+	mkdir -p /var/cache/cluster
+
 	if [ -n "$OCF_RESKEY_service_name" ] && [ "$OCF_RESKEY_use_cache" = "1" ]; then
 
 		#
 		# For large #s of exports, we need to cache the information
 		#
-		tmpfn=/tmp/nfsclient-status-cache-$OCF_RESKEY_service_name
+		tmpfn=/var/cache/cluster/nfsclient-status-cache-$OCF_RESKEY_service_name
 
 		if [ -f "$tmpfn" ]; then
 			time_created=$(stat -c "%Y" $tmpfn)
@@ -367,7 +370,7 @@ status|monitor)
 		#
 		# Create a different file if this is a separate instance
 		#
-		tmpfn=/tmp/nfsclient-status-cache-$$
+		tmpfn=/var/cache/cluster/nfsclient-status-cache-$$
 	fi
 
 	if ! [ -f "$tmpfn" ] || [ $delta -gt 30 ]; then