This is the mail archive of the
cluster-cvs@sourceware.org
mailing list for the cluster.
cluster: RHEL5 - gfs2: randomize debugfs mount point even more
- From: Bob Peterson <rpeterso at fedoraproject dot org>
- To: cluster-cvs-relay at redhat dot com
- Date: Mon, 4 May 2009 19:31:00 +0000 (UTC)
- Subject: cluster: RHEL5 - gfs2: randomize debugfs mount point even more
Gitweb: http://git.fedorahosted.org/git/cluster.git?p=cluster.git;a=commitdiff;h=1ea6d6c4680dfd0cdd43c4df8580d84789f75870
Commit: 1ea6d6c4680dfd0cdd43c4df8580d84789f75870
Parent: 07ff0098221e31673e0b61ac5dcd679dcd13c9f5
Author: Bob Peterson <rpeterso@redhat.com>
AuthorDate: Mon May 4 11:26:56 2009 -0500
Committer: Bob Peterson <rpeterso@redhat.com>
CommitterDate: Mon May 4 11:26:56 2009 -0500
gfs2: randomize debugfs mount point even more
bz 498950 - cluster product is affected by several symlink attack vulnerabilities
18b24ae55c3e4abdc256a3b6c4f15ae0116a0f14 didn't introduce enough
security.
Switch to mkdtemp(3) and cleanup unrequired code as a consequence.
---
gfs2/edit/savemeta.c | 15 ++++++++++-----
1 files changed, 10 insertions(+), 5 deletions(-)
diff --git a/gfs2/edit/savemeta.c b/gfs2/edit/savemeta.c
index de99cb7..29ddbb8 100644
--- a/gfs2/edit/savemeta.c
+++ b/gfs2/edit/savemeta.c
@@ -36,7 +36,7 @@
#include "libgfs2.h"
#define BUFSIZE (4096)
-#define DFT_SAVE_FILE "/tmp/gfsmeta"
+#define DFT_SAVE_FILE "/tmp/gfsmeta.XXXXXX"
#define MAX_JOURNALS_SAVED 256
struct saved_metablock {
@@ -418,7 +418,7 @@ void get_journal_inode_blocks(void)
}
}
-void savemeta(const char *out_fn, int saveoption)
+void savemeta(char *out_fn, int saveoption)
{
int out_fd;
int slow;
@@ -431,9 +431,14 @@ void savemeta(const char *out_fn, int saveoption)
slow = (saveoption == 1);
sbd.md.journals = 1;
- if (!out_fn)
- out_fn = DFT_SAVE_FILE;
- out_fd = open(out_fn, O_RDWR | O_CREAT, 0644);
+ if (!out_fn) {
+ out_fn = strdup(DFT_SAVE_FILE);
+ if (!out_fn)
+ die("Can't allocate memory for the operation.\n");
+ out_fd = mkstemp(out_fn);
+ } else
+ out_fd = open(out_fn, O_RDWR | O_CREAT, 0644);
+
if (out_fd < 0)
die("Can't open %s: %s\n", out_fn, strerror(errno));