master - rgmanager: randomize file for automatic data dump
Fabio M. Di Nitto
fabbione@fedoraproject.org
Wed Oct 22 06:58:00 GMT 2008
Gitweb: http://git.fedorahosted.org/git/cluster.git?p=cluster.git;a=commitdiff;h=bde3b975fc4caffaa2aabd82d7d3cda8f4432f6a
Commit: bde3b975fc4caffaa2aabd82d7d3cda8f4432f6a
Parent: f307c869aecb917760c066e4c62f1e9af8c510f6
Author: Fabio M. Di Nitto <fdinitto@redhat.com>
AuthorDate: Wed Oct 22 08:56:16 2008 +0200
Committer: Fabio M. Di Nitto <fdinitto@redhat.com>
CommitterDate: Wed Oct 22 08:56:16 2008 +0200
rgmanager: randomize file for automatic data dump
by using a static path to /tmp, the operation can be used to trigger
a local DoS by a normal user.
Mitigate the issue by randomizing the output file with pid.
Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>
---
rgmanager/src/daemons/main.c | 7 ++++++-
1 files changed, 6 insertions(+), 1 deletions(-)
diff --git a/rgmanager/src/daemons/main.c b/rgmanager/src/daemons/main.c
index c487094..7c0602a 100644
--- a/rgmanager/src/daemons/main.c
+++ b/rgmanager/src/daemons/main.c
@@ -707,9 +707,14 @@ event_loop(msgctx_t *localctx, msgctx_t *clusterctx)
tv.tv_usec = 0;
if (signalled) {
+ char dumpfile[PATH_MAX];
+
signalled = 0;
+
+ memset(dumpfile, 0, PATH_MAX);
+ sprintf(dumpfile, "/tmp/rgmanager-dump.%d", getpid());
- dump_internal_state("/tmp/rgmanager-dump");
+ dump_internal_state(dumpfile);
}
while (running && (tv.tv_sec || tv.tv_usec)) {
More information about the Cluster-cvs
mailing list