makes sense to me. have you applied this yet?
On Wed, Aug 6, 2008 at 07:22, Simon Horman <[EMAIL PROTECTED]> wrote: > There are currently at least two problems with maketempfile. > Firstly, there is a race in the following constrct: > > rm -f "$F"; touch "$F" > > As an attacker could potitinally create a symlink to "$F" between > the call to rm and the call to touch. > > Secondly the use of $RANDOM appears to be a bashism. > On dash its usage in BasicSanityCheck appears to evaluate to > the empty string. See Debian Bug #489607, http://bugs.debian.org/489607 > > On Linux systems BasicSanityCheck already relies on @MKTEMP@ being > present by using @MKTEMP@ -d directly. So this patch simply takes > the approach of removing maketempfile and always calling $MKTEMP directly. > > The patch also makes sure that the return value is checked > and the script exits cleanly if an error occurs. > > If we really are worried about systems that don't have mktemp, > then I suggest making a robust version of maketempfile based > on mkdir and using it always - if it is robust then there is no > reason not to. > > For a discussion of creating mktemp in shell see > http://www.linuxsecurity.com/content/view/115462/81/ > > Signed-off-by: Simon Horman <[EMAIL PROTECTED]> > > Index: heartbeat/heartbeat/lib/BasicSanityCheck.in > =================================================================== > --- heartbeat.orig/heartbeat/lib/BasicSanityCheck.in 2008-08-06 > 15:04:04.000000000 +1000 > +++ heartbeat/heartbeat/lib/BasicSanityCheck.in 2008-08-06 15:14:55.000000000 > +1000 > @@ -64,35 +64,11 @@ SIGLIST="0 1 2 3 6 15" > > errcount=0 > > -# Make temp files the paranoid way... > -maketempfile() { > -# > -# Use mktemp if we have it, otherwise... > -# > -# Construct a difficult-to-guess filename if we don't > -# Make sure non-mktemp files can't be subverted > -# $RANDOM is not strictly necessary, but nice to have... > -# > - if > - test "x$MKTEMP" != "x" \ > - && F=`$MKTEMP /tmp/lha-XXXXXX` && [ ! -z "$F" -a -f "$F" ] > - then > - echo $F > - else > - while > - echo >/dev/null & > - F=/tmp/lha-${RANDOM}-$$-$! > - rm -f "$F"; touch "$F" > - # Try again if we don't own it, or it's a symlink > - # Or somehow not a regular file... > - $TESTPROG ! -O "$F" -o -L "$F" -o ! -f "$F" > - do > - : Try again... > - done > - echo $F > - fi > -} > -LOGFILE=`maketempfile` > +if test "x$MKTEMP" != "x"; then > + echo "error: mktemp command does not exist" > + exit 1 > +fi > +LOGFILE=`$MKTEMP /tmp/lha-XXXXXX` || exit 1 > > cd $HADIR > ulimit -c unlimited > @@ -985,7 +961,7 @@ TestRA() { > fi > > if [ `uname -s` = 'Linux' ]; then > - [EMAIL PROTECTED]@ -d /tmp/lha-dir-XXXXXXXXXXX` > + MNT_DIR=`$MKTEMP -d /tmp/lha-dir-XXXXXXXXXXX` || exit 1 > echo "Testing RA: Filesystem" | tee -a $LOGFILE > $OCF_TESTER -o device=/dev/null -o fstype=proc -o > directory=$MNT_DIR \ > -n DemoFS $RADIR/Filesystem >>$LOGFILE 2>&1 > _______________________________________________________ > Linux-HA-Dev: [email protected] > http://lists.linux-ha.org/mailman/listinfo/linux-ha-dev > Home Page: http://linux-ha.org/ > _______________________________________________________ Linux-HA-Dev: [email protected] http://lists.linux-ha.org/mailman/listinfo/linux-ha-dev Home Page: http://linux-ha.org/
