cluster: RHEL5 - gfs2: randomize debugfs mount point even more

public inbox for cluster-cvs@sourceware.org
help / color / mirror / Atom feed

* cluster: RHEL5 - gfs2: randomize debugfs mount point even more
@ 2009-05-04 19:31 Bob Peterson
  0 siblings, 0 replies; 2+ messages in thread
From: Bob Peterson @ 2009-05-04 19:31 UTC (permalink / raw)
  To: cluster-cvs-relay

Gitweb:        http://git.fedorahosted.org/git/cluster.git?p=cluster.git;a=commitdiff;h=1ea6d6c4680dfd0cdd43c4df8580d84789f75870
Commit:        1ea6d6c4680dfd0cdd43c4df8580d84789f75870
Parent:        07ff0098221e31673e0b61ac5dcd679dcd13c9f5
Author:        Bob Peterson <rpeterso@redhat.com>
AuthorDate:    Mon May 4 11:26:56 2009 -0500
Committer:     Bob Peterson <rpeterso@redhat.com>
CommitterDate: Mon May 4 11:26:56 2009 -0500

gfs2: randomize debugfs mount point even more

bz 498950 - cluster product is affected by several symlink attack vulnerabilities

18b24ae55c3e4abdc256a3b6c4f15ae0116a0f14 didn't introduce enough
security.

Switch to mkdtemp(3) and cleanup unrequired code as a consequence.
---
 gfs2/edit/savemeta.c |   15 ++++++++++-----
 1 files changed, 10 insertions(+), 5 deletions(-)

diff --git a/gfs2/edit/savemeta.c b/gfs2/edit/savemeta.c
index de99cb7..29ddbb8 100644
--- a/gfs2/edit/savemeta.c
+++ b/gfs2/edit/savemeta.c
@@ -36,7 +36,7 @@
 #include "libgfs2.h"
 
 #define BUFSIZE (4096)
-#define DFT_SAVE_FILE "/tmp/gfsmeta"
+#define DFT_SAVE_FILE "/tmp/gfsmeta.XXXXXX"
 #define MAX_JOURNALS_SAVED 256
 
 struct saved_metablock {
@@ -418,7 +418,7 @@ void get_journal_inode_blocks(void)
 	}
 }
 
-void savemeta(const char *out_fn, int saveoption)
+void savemeta(char *out_fn, int saveoption)
 {
 	int out_fd;
 	int slow;
@@ -431,9 +431,14 @@ void savemeta(const char *out_fn, int saveoption)
 	slow = (saveoption == 1);
 	sbd.md.journals = 1;
 
-	if (!out_fn)
-		out_fn = DFT_SAVE_FILE;
-	out_fd = open(out_fn, O_RDWR | O_CREAT, 0644);
+	if (!out_fn) {
+		out_fn = strdup(DFT_SAVE_FILE);
+		if (!out_fn)
+			die("Can't allocate memory for the operation.\n");
+		out_fd = mkstemp(out_fn);
+	} else
+		out_fd = open(out_fn, O_RDWR | O_CREAT, 0644);
+
 	if (out_fd < 0)
 		die("Can't open %s: %s\n", out_fn, strerror(errno));
 


^ permalink raw reply	[flat|nested] 2+ messages in thread

* cluster: RHEL5 - gfs2: randomize debugfs mount point even more
@ 2009-05-04 19:31 Bob Peterson
  0 siblings, 0 replies; 2+ messages in thread
From: Bob Peterson @ 2009-05-04 19:31 UTC (permalink / raw)
  To: cluster-cvs-relay

Gitweb:        http://git.fedorahosted.org/git/cluster.git?p=cluster.git;a=commitdiff;h=07ff0098221e31673e0b61ac5dcd679dcd13c9f5
Commit:        07ff0098221e31673e0b61ac5dcd679dcd13c9f5
Parent:        423ba66a2c5a08a000c8e971589c94b3fbebf701
Author:        Bob Peterson <rpeterso@redhat.com>
AuthorDate:    Mon May 4 11:06:20 2009 -0500
Committer:     Bob Peterson <rpeterso@redhat.com>
CommitterDate: Mon May 4 11:06:20 2009 -0500

gfs2: randomize debugfs mount point even more

bz 498950 - cluster product is affected by several symlink attack vulnerabilities

18b24ae55c3e4abdc256a3b6c4f15ae0116a0f14 didn't introduce enough
security.

Switch to mkdtemp(3) and cleanup unrequired code as a consequence.
---
 gfs2/tool/misc.c |   32 ++++++++++++++------------------
 1 files changed, 14 insertions(+), 18 deletions(-)

diff --git a/gfs2/tool/misc.c b/gfs2/tool/misc.c
index 103df2f..dec78d7 100644
--- a/gfs2/tool/misc.c
+++ b/gfs2/tool/misc.c
@@ -115,27 +115,26 @@ print_lockdump(int argc, char **argv)
 	char *name, line[PATH_MAX];
 	char *debugfs;
 	FILE *file;
-	int rc = -1, debug_dir_existed = 1;
+	int rc = -1;
 
 	/* See if debugfs is mounted, and if not, mount it. */
 	debugfs = find_debugfs_mount();
 	if (!debugfs) {
-		debugfs = malloc(20);
+		debugfs = malloc(PATH_MAX);
 		if (!debugfs)
 			die("Can't allocate memory for debugfs.\n");
-		memset(debugfs, 0, 20);
-		strcpy(debugfs, "/tmp/debugfs");
-
-		if (access(debugfs, F_OK)) {
-			debug_dir_existed = mkdir(debugfs, 644);
-			if (debug_dir_existed) {
-				fprintf(stderr,
-					"Can't create %s mount point.\n",
-					debugfs);
-				free(debugfs);
-				exit(-1);
-			}
+
+		memset(debugfs, 0, PATH_MAX);
+		sprintf(debugfs, "/tmp/debugfs.XXXXXX");
+
+		if (!mkdtemp(debugfs)) {
+			fprintf(stderr,
+				"Can't create %s mount point.\n",
+				debugfs);
+			free(debugfs);
+			exit(-1);
 		}
+
 		rc = mount("none", debugfs, "debugfs", 0, NULL);
 		if (rc) {
 			fprintf(stderr,
@@ -166,10 +165,7 @@ print_lockdump(int argc, char **argv)
 	/* Check if we mounted the debugfs and if so, unmount it. */
 	if (!rc) {
 		umount(debugfs);
-		/* Check if we created the debugfs mount point and if so,
-		   delete it. */
-		if (!debug_dir_existed)
-			rmdir(debugfs);
+		rmdir(debugfs);
 	}
 	free(debugfs);
 }


^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2009-05-04 19:31 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2009-05-04 19:31 cluster: RHEL5 - gfs2: randomize debugfs mount point even more Bob Peterson
2009-05-04 19:31 Bob Peterson

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).