From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 17019 invoked by alias); 4 May 2009 19:31:27 -0000 Received: (qmail 17008 invoked by alias); 4 May 2009 19:31:25 -0000 X-SWARE-Spam-Status: No, hits=-1.1 required=5.0 tests=AWL,BAYES_00,J_CHICKENPOX_57,SPF_HELO_PASS X-Spam-Status: No, hits=-1.1 required=5.0 tests=AWL,BAYES_00,J_CHICKENPOX_57,SPF_HELO_PASS X-Spam-Check-By: sourceware.org X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on bastion2.fedora.phx.redhat.com Subject: cluster: RHEL5 - gfs2: randomize debugfs mount point even more To: cluster-cvs-relay@redhat.com X-Project: Cluster Project X-Git-Module: cluster.git X-Git-Refname: refs/heads/RHEL5 X-Git-Reftype: branch X-Git-Oldrev: 423ba66a2c5a08a000c8e971589c94b3fbebf701 X-Git-Newrev: 07ff0098221e31673e0b61ac5dcd679dcd13c9f5 From: Bob Peterson Message-Id: <20090504193058.264B2120255@lists.fedorahosted.org> Date: Mon, 04 May 2009 19:31:00 -0000 X-Scanned-By: MIMEDefang 2.58 on 172.16.52.254 Mailing-List: contact cluster-cvs-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Post: List-Help: , Sender: cluster-cvs-owner@sourceware.org X-SW-Source: 2009-q2/txt/msg00195.txt.bz2 Gitweb: http://git.fedorahosted.org/git/cluster.git?p=cluster.git;a=commitdiff;h=07ff0098221e31673e0b61ac5dcd679dcd13c9f5 Commit: 07ff0098221e31673e0b61ac5dcd679dcd13c9f5 Parent: 423ba66a2c5a08a000c8e971589c94b3fbebf701 Author: Bob Peterson AuthorDate: Mon May 4 11:06:20 2009 -0500 Committer: Bob Peterson CommitterDate: Mon May 4 11:06:20 2009 -0500 gfs2: randomize debugfs mount point even more bz 498950 - cluster product is affected by several symlink attack vulnerabilities 18b24ae55c3e4abdc256a3b6c4f15ae0116a0f14 didn't introduce enough security. Switch to mkdtemp(3) and cleanup unrequired code as a consequence. --- gfs2/tool/misc.c | 32 ++++++++++++++------------------ 1 files changed, 14 insertions(+), 18 deletions(-) diff --git a/gfs2/tool/misc.c b/gfs2/tool/misc.c index 103df2f..dec78d7 100644 --- a/gfs2/tool/misc.c +++ b/gfs2/tool/misc.c @@ -115,27 +115,26 @@ print_lockdump(int argc, char **argv) char *name, line[PATH_MAX]; char *debugfs; FILE *file; - int rc = -1, debug_dir_existed = 1; + int rc = -1; /* See if debugfs is mounted, and if not, mount it. */ debugfs = find_debugfs_mount(); if (!debugfs) { - debugfs = malloc(20); + debugfs = malloc(PATH_MAX); if (!debugfs) die("Can't allocate memory for debugfs.\n"); - memset(debugfs, 0, 20); - strcpy(debugfs, "/tmp/debugfs"); - - if (access(debugfs, F_OK)) { - debug_dir_existed = mkdir(debugfs, 644); - if (debug_dir_existed) { - fprintf(stderr, - "Can't create %s mount point.\n", - debugfs); - free(debugfs); - exit(-1); - } + + memset(debugfs, 0, PATH_MAX); + sprintf(debugfs, "/tmp/debugfs.XXXXXX"); + + if (!mkdtemp(debugfs)) { + fprintf(stderr, + "Can't create %s mount point.\n", + debugfs); + free(debugfs); + exit(-1); } + rc = mount("none", debugfs, "debugfs", 0, NULL); if (rc) { fprintf(stderr, @@ -166,10 +165,7 @@ print_lockdump(int argc, char **argv) /* Check if we mounted the debugfs and if so, unmount it. */ if (!rc) { umount(debugfs); - /* Check if we created the debugfs mount point and if so, - delete it. */ - if (!debug_dir_existed) - rmdir(debugfs); + rmdir(debugfs); } free(debugfs); }