This is the mail archive of the cluster-cvs@sourceware.org mailing list for the cluster.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

master - rgmanager: randomize smb.sh temp file

From: "Fabio M. Di Nitto" <fabbione at fedoraproject dot org>
To: cluster-cvs-relay at redhat dot com
Date: Thu, 30 Oct 2008 11:32:52 +0000 (UTC)
Subject: master - rgmanager: randomize smb.sh temp file

Gitweb:        http://git.fedorahosted.org/git/cluster.git?p=cluster.git;a=commitdiff;h=4cc4d59283138e4a6587fffdf78beacc57ee7427
Commit:        4cc4d59283138e4a6587fffdf78beacc57ee7427
Parent:        77ae6070698ed85c890e31db9f6bb2656a13f237
Author:        Fabio M. Di Nitto <fdinitto@redhat.com>
AuthorDate:    Thu Oct 30 12:32:08 2008 +0100
Committer:     Fabio M. Di Nitto <fdinitto@redhat.com>
CommitterDate: Thu Oct 30 12:32:08 2008 +0100

rgmanager: randomize smb.sh temp file

by using a static path to /tmp, the operation can be used to trigger
a local DoS by a normal user.

Randomize temp files via mktemp.

Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>
---
 rgmanager/src/resources/smb.sh |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/rgmanager/src/resources/smb.sh b/rgmanager/src/resources/smb.sh
index b90d1f8..c344ceb 100644
--- a/rgmanager/src/resources/smb.sh
+++ b/rgmanager/src/resources/smb.sh
@@ -266,7 +266,7 @@ add_sha1()
 
 verify_sha1()
 {
-	declare tmpfile="/tmp/smb-$OCF_RESKEY_name.tmp.$$"
+	declare tmpfile="$(mktemp /tmp/smb-${OCF_RESKEY}_name.tmp.XXXXXX)"
 	declare current exp
 
 	exp=$(grep "^# rgmanager-sha1.*$1" "$1" | head -1)

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]