public inbox for cluster-cvs@sourceware.org help / color / mirror / Atom feed
From: Bob Peterson <rpeterso@fedoraproject.org> To: cluster-cvs-relay@redhat.com Subject: cluster: RHEL5 - gfs2: randomize debugfs mount point even more Date: Mon, 04 May 2009 19:31:00 -0000 [thread overview] Message-ID: <20090504193058.264B2120255@lists.fedorahosted.org> (raw) Gitweb: http://git.fedorahosted.org/git/cluster.git?p=cluster.git;a=commitdiff;h=07ff0098221e31673e0b61ac5dcd679dcd13c9f5 Commit: 07ff0098221e31673e0b61ac5dcd679dcd13c9f5 Parent: 423ba66a2c5a08a000c8e971589c94b3fbebf701 Author: Bob Peterson <rpeterso@redhat.com> AuthorDate: Mon May 4 11:06:20 2009 -0500 Committer: Bob Peterson <rpeterso@redhat.com> CommitterDate: Mon May 4 11:06:20 2009 -0500 gfs2: randomize debugfs mount point even more bz 498950 - cluster product is affected by several symlink attack vulnerabilities 18b24ae55c3e4abdc256a3b6c4f15ae0116a0f14 didn't introduce enough security. Switch to mkdtemp(3) and cleanup unrequired code as a consequence. --- gfs2/tool/misc.c | 32 ++++++++++++++------------------ 1 files changed, 14 insertions(+), 18 deletions(-) diff --git a/gfs2/tool/misc.c b/gfs2/tool/misc.c index 103df2f..dec78d7 100644 --- a/gfs2/tool/misc.c +++ b/gfs2/tool/misc.c @@ -115,27 +115,26 @@ print_lockdump(int argc, char **argv) char *name, line[PATH_MAX]; char *debugfs; FILE *file; - int rc = -1, debug_dir_existed = 1; + int rc = -1; /* See if debugfs is mounted, and if not, mount it. */ debugfs = find_debugfs_mount(); if (!debugfs) { - debugfs = malloc(20); + debugfs = malloc(PATH_MAX); if (!debugfs) die("Can't allocate memory for debugfs.\n"); - memset(debugfs, 0, 20); - strcpy(debugfs, "/tmp/debugfs"); - - if (access(debugfs, F_OK)) { - debug_dir_existed = mkdir(debugfs, 644); - if (debug_dir_existed) { - fprintf(stderr, - "Can't create %s mount point.\n", - debugfs); - free(debugfs); - exit(-1); - } + + memset(debugfs, 0, PATH_MAX); + sprintf(debugfs, "/tmp/debugfs.XXXXXX"); + + if (!mkdtemp(debugfs)) { + fprintf(stderr, + "Can't create %s mount point.\n", + debugfs); + free(debugfs); + exit(-1); } + rc = mount("none", debugfs, "debugfs", 0, NULL); if (rc) { fprintf(stderr, @@ -166,10 +165,7 @@ print_lockdump(int argc, char **argv) /* Check if we mounted the debugfs and if so, unmount it. */ if (!rc) { umount(debugfs); - /* Check if we created the debugfs mount point and if so, - delete it. */ - if (!debug_dir_existed) - rmdir(debugfs); + rmdir(debugfs); } free(debugfs); }
next reply other threads:[~2009-05-04 19:31 UTC|newest] Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top 2009-05-04 19:31 Bob Peterson [this message] 2009-05-04 19:31 Bob Peterson
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=20090504193058.264B2120255@lists.fedorahosted.org \ --to=rpeterso@fedoraproject.org \ --cc=cluster-cvs-relay@redhat.com \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).