beekhof at gmail
Aug 5, 2008, 11:49 PM
Post #2 of 3
(616 views)
Permalink
|
|
Re: [patch] remove maketempfile from BasicSanityCheck
[In reply to]
|
|
makes sense to me.
have you applied this yet?
On Wed, Aug 6, 2008 at 07:22, Simon Horman <horms [at] verge> wrote:
> There are currently at least two problems with maketempfile.
> Firstly, there is a race in the following constrct:
>
> rm -f "$F"; touch "$F"
>
> As an attacker could potitinally create a symlink to "$F" between
> the call to rm and the call to touch.
>
> Secondly the use of $RANDOM appears to be a bashism.
> On dash its usage in BasicSanityCheck appears to evaluate to
> the empty string. See Debian Bug #489607, http://bugs.debian.org/489607
>
> On Linux systems BasicSanityCheck already relies on @MKTEMP@ being
> present by using @MKTEMP@ -d directly. So this patch simply takes
> the approach of removing maketempfile and always calling $MKTEMP directly.
>
> The patch also makes sure that the return value is checked
> and the script exits cleanly if an error occurs.
>
> If we really are worried about systems that don't have mktemp,
> then I suggest making a robust version of maketempfile based
> on mkdir and using it always - if it is robust then there is no
> reason not to.
>
> For a discussion of creating mktemp in shell see
> http://www.linuxsecurity.com/content/view/115462/81/
>
> Signed-off-by: Simon Horman <horms [at] verge>
>
> Index: heartbeat/heartbeat/lib/BasicSanityCheck.in
> ===================================================================
> --- heartbeat.orig/heartbeat/lib/BasicSanityCheck.in 2008-08-06 15:04:04.000000000 +1000
> +++ heartbeat/heartbeat/lib/BasicSanityCheck.in 2008-08-06 15:14:55.000000000 +1000
> @@ -64,35 +64,11 @@ SIGLIST="0 1 2 3 6 15"
>
> errcount=0
>
> -# Make temp files the paranoid way...
> -maketempfile() {
> -#
> -# Use mktemp if we have it, otherwise...
> -#
> -# Construct a difficult-to-guess filename if we don't
> -# Make sure non-mktemp files can't be subverted
> -# $RANDOM is not strictly necessary, but nice to have...
> -#
> - if
> - test "x$MKTEMP" != "x" \
> - && F=`$MKTEMP /tmp/lha-XXXXXX` && [ ! -z "$F" -a -f "$F" ]
> - then
> - echo $F
> - else
> - while
> - echo >/dev/null &
> - F=/tmp/lha-${RANDOM}-$$-$!
> - rm -f "$F"; touch "$F"
> - # Try again if we don't own it, or it's a symlink
> - # Or somehow not a regular file...
> - $TESTPROG ! -O "$F" -o -L "$F" -o ! -f "$F"
> - do
> - : Try again...
> - done
> - echo $F
> - fi
> -}
> -LOGFILE=`maketempfile`
> +if test "x$MKTEMP" != "x"; then
> + echo "error: mktemp command does not exist"
> + exit 1
> +fi
> +LOGFILE=`$MKTEMP /tmp/lha-XXXXXX` || exit 1
>
> cd $HADIR
> ulimit -c unlimited
> @@ -985,7 +961,7 @@ TestRA() {
> fi
>
> if [ `uname -s` = 'Linux' ]; then
> - MNT_DIR=`@MKTEMP@ -d /tmp/lha-dir-XXXXXXXXXXX`
> + MNT_DIR=`$MKTEMP -d /tmp/lha-dir-XXXXXXXXXXX` || exit 1
> echo "Testing RA: Filesystem" | tee -a $LOGFILE
> $OCF_TESTER -o device=/dev/null -o fstype=proc -o directory=$MNT_DIR \
> -n DemoFS $RADIR/Filesystem >>$LOGFILE 2>&1
> _______________________________________________________
> Linux-HA-Dev: Linux-HA-Dev [at] lists
> http://lists.linux-ha.org/mailman/listinfo/linux-ha-dev
> Home Page: http://linux-ha.org/
>
_______________________________________________________
Linux-HA-Dev: Linux-HA-Dev [at] lists
http://lists.linux-ha.org/mailman/listinfo/linux-ha-dev
Home Page: http://linux-ha.org/
|
