Creating temp files in a world-writable directory such as /tmp could expose the config generation to symlink races. Use the /run directory instead.
As suggested here: https://lore.proxmox.com/pve-devel/[email protected]/T/#t Suggested-by: Stoiko Ivanov <[email protected]> Signed-off-by: Arthur Bied-Charreton <[email protected]> --- src/PVE/Cluster/Setup.pm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/PVE/Cluster/Setup.pm b/src/PVE/Cluster/Setup.pm index b9cacfd..5ed85ad 100644 --- a/src/PVE/Cluster/Setup.pm +++ b/src/PVE/Cluster/Setup.pm @@ -504,7 +504,7 @@ sub gen_pve_ssl_cert { $names .= ",DNS:$fqdn"; } - my $reqfn = "/tmp/pvecertreq-$$.tmp"; + my $reqfn = "/run/pvecertreq-$$.tmp"; unlink $reqfn; my $pvessl_key_fn = "$pmxcfs_base_dir/nodes/$nodename/pve-ssl.key"; -- 2.47.3 _______________________________________________ pve-devel mailing list [email protected] https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
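Review bot: At `my $reqfn = "/run/pvecertreq-$$.tmp";` the file name is still predictable, being built from `$$`, and the `unlink $reqfn;` that follows is kept, so the fix relies entirely on /run not being writable by unprivileged users. How the file is opened afterwards is not visible in this hunk; if it is a plain open, consider an exclusive create instead, for example File::Temp with `DIR => '/run'` or sysopen with O_CREAT|O_EXCL, so that a pre-existing path or symlink makes the call fail rather than being followed. A one-line comment above the assignment saying why /run is used rather than /tmp would keep the path from being changed back later.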
