From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <cluster-cvs-return-11060-listarch-cluster-cvs=sources.redhat.com@sourceware.org>
Received: (qmail 27931 invoked by alias); 21 May 2009 14:29:33 -0000
Received: (qmail 27910 invoked by alias); 21 May 2009 14:29:31 -0000
X-SWARE-Spam-Status: No, hits=-1.7 required=5.0
	tests=AWL,BAYES_00,J_CHICKENPOX_35,SPF_HELO_PASS
X-Spam-Status: No, hits=-1.7 required=5.0
	tests=AWL,BAYES_00,J_CHICKENPOX_35,SPF_HELO_PASS
X-Spam-Check-By: sourceware.org
X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on
	bastion2.fedora.phx.redhat.com
Subject: cluster: RHEL5 - rgmanager: randomize svclib_nfslock temp dir
To: cluster-cvs-relay@redhat.com
X-Project: Cluster Project
X-Git-Module: cluster.git
X-Git-Refname: refs/heads/RHEL5
X-Git-Reftype: branch
X-Git-Oldrev: a36c34552f1655d542ada70a4f3bad45fb602bb5
X-Git-Newrev: c3ca8bc855e3b01c0ca6e169b0d68eee622983e2
From: Lon Hohberger <lon@fedoraproject.org>
Message-Id: <20090521142839.E31FE120214@lists.fedorahosted.org>
Date: Thu, 21 May 2009 14:29:00 -0000
X-Scanned-By: MIMEDefang 2.58 on 172.16.52.254
Mailing-List: contact cluster-cvs-help@sourceware.org; run by ezmlm
Precedence: bulk
List-Id: <cluster-cvs.sourceware.org>
List-Subscribe: <mailto:cluster-cvs-subscribe@sourceware.org>
List-Post: <mailto:cluster-cvs@sourceware.org>
List-Help: <mailto:cluster-cvs-help@sourceware.org>, <http://sourceware.org/lists.html#faqs>
Sender: cluster-cvs-owner@sourceware.org
X-SW-Source: 2009-q2/txt/msg00365.txt.bz2

Gitweb:        http://git.fedorahosted.org/git/cluster.git?p=cluster.git;a=commitdiff;h=c3ca8bc855e3b01c0ca6e169b0d68eee622983e2
Commit:        c3ca8bc855e3b01c0ca6e169b0d68eee622983e2
Parent:        a36c34552f1655d542ada70a4f3bad45fb602bb5
Author:        Fabio M. Di Nitto <fdinitto@redhat.com>
AuthorDate:    Thu Oct 30 12:36:05 2008 +0100
Committer:     Lon Hohberger <lhh@redhat.com>
CommitterDate: Thu May 21 10:27:58 2009 -0400

rgmanager: randomize svclib_nfslock temp dir

by using a static path to /tmp, the operation can be used to trigger
a local DoS by a normal user.

Randomize temp dir via mktemp.

Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>
---
 rgmanager/src/resources/svclib_nfslock |    3 +--
 1 files changed, 1 insertions(+), 2 deletions(-)

diff --git a/rgmanager/src/resources/svclib_nfslock b/rgmanager/src/resources/svclib_nfslock
index 2101e1e..a0250b2 100644
--- a/rgmanager/src/resources/svclib_nfslock
+++ b/rgmanager/src/resources/svclib_nfslock
@@ -37,7 +37,7 @@
 #
 nfslock_statd_notify()
 {
-	declare tmpdir=/tmp/statd-$2.$$
+	declare tmpdir=$(mktemp -d /tmp/statd-$2.XXXXXX)
 	declare nl_dir=$1
 	declare nl_ip=$2
 	declare command		# Work around bugs in rpc.statd
@@ -55,7 +55,6 @@ nfslock_statd_notify()
 	fi
 
 	# Ok, copy the HA directory to something we can use.
-	rm -rf $tmpdir
        	mkdir -p $tmpdir/sm
 	
 	# Copy in our specified entries