This is the mail archive of the cluster-cvs@sourceware.org mailing list for the cluster.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

STABLE2 - rgmanager: randomize file for automatic data dump


Gitweb:        http://git.fedorahosted.org/git/cluster.git?p=cluster.git;a=commitdiff;h=8e7eaa9bc66e010e9c8c4938db67ef67573e6783
Commit:        8e7eaa9bc66e010e9c8c4938db67ef67573e6783
Parent:        e2eba2cb43acaf17c37d5994154fb7b833de1046
Author:        Fabio M. Di Nitto <fdinitto@redhat.com>
AuthorDate:    Wed Oct 22 08:56:16 2008 +0200
Committer:     Fabio M. Di Nitto <fdinitto@redhat.com>
CommitterDate: Thu Oct 30 10:12:08 2008 +0100

rgmanager: randomize file for automatic data dump

by using a static path to /tmp, the operation can be used to trigger
a local DoS by a normal user.

Mitigate the issue by randomizing the output file with pid.

Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>
---
 rgmanager/src/daemons/main.c |    7 ++++++-
 1 files changed, 6 insertions(+), 1 deletions(-)

diff --git a/rgmanager/src/daemons/main.c b/rgmanager/src/daemons/main.c
index bc2375d..9f4a32f 100644
--- a/rgmanager/src/daemons/main.c
+++ b/rgmanager/src/daemons/main.c
@@ -707,9 +707,14 @@ event_loop(msgctx_t *localctx, msgctx_t *clusterctx)
 	tv.tv_usec = 0;
 
 	if (signalled) {
+		char dumpfile[PATH_MAX];
+
 		signalled = 0;
+
+		memset(dumpfile, 0, PATH_MAX);
+		sprintf(dumpfile, "/tmp/rgmanager-dump.%d", getpid());
  
-		dump_internal_state("/tmp/rgmanager-dump");
+		dump_internal_state(dumpfile);
 	}
 
 	while (running && (tv.tv_sec || tv.tv_usec)) {


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]