master - rgmanager: randomize oracledb.sh temp file
Fabio M. Di Nitto
fabbione@fedoraproject.org
Thu Oct 30 11:26:00 GMT 2008
Gitweb: http://git.fedorahosted.org/git/cluster.git?p=cluster.git;a=commitdiff;h=765f2dba9fe6352f6d2b6dc45e934c50227832db
Commit: 765f2dba9fe6352f6d2b6dc45e934c50227832db
Parent: 5265ab0f6ff4c8ce94fab7e7839c0b0e99aa94f8
Author: Fabio M. Di Nitto <fdinitto@redhat.com>
AuthorDate: Thu Oct 30 12:24:59 2008 +0100
Committer: Fabio M. Di Nitto <fdinitto@redhat.com>
CommitterDate: Thu Oct 30 12:24:59 2008 +0100
rgmanager: randomize oracledb.sh temp file
by using a static path to /tmp, the operation can be used to trigger
a local DoS by a normal user.
Randomize temp files via mktemp.
Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>
---
rgmanager/src/resources/oracledb.sh.in | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/rgmanager/src/resources/oracledb.sh.in b/rgmanager/src/resources/oracledb.sh.in
index 4e34e69..4041a34 100644
--- a/rgmanager/src/resources/oracledb.sh.in
+++ b/rgmanager/src/resources/oracledb.sh.in
@@ -266,7 +266,7 @@ start_db()
declare logfile
declare -i rv
- tmpfile=/tmp/$SCRIPT-start.$$
+ tmpfile="$(mktemp /tmp/$SCRIPT-start.XXXXXX)"
logfile=@LOGDIR@/$SCRIPT-start.log
#
@@ -316,7 +316,7 @@ stop_db()
declare logfile
declare -i rv
- tmpfile=/tmp/$SCRIPT-stop.$$
+ tmpfile="$(mktemp /tmp/$SCRIPT-stop.XXXXXX)"
logfile=@LOGDIR@/$SCRIPT-stop.log
# Setup for Stop ...
More information about the Cluster-cvs
mailing list