From 545db8cd292957158bf3fa1c1c370e4be83c6688 Mon Sep 17 00:00:00 2001
From: Robert Buchholz <rbu@goodpoint.de>
Date: Tue, 6 Jan 2009 23:26:00 +0100
Subject: [PATCH] Use mktemp instead of relying that $$-$RANDOM-$RANDOM does not exist.

References:
* CVE-2008-4953
* https://bugs.gentoo.org/246013
---
 firehol.sh |   25 +++++++++----------------
 1 files changed, 9 insertions(+), 16 deletions(-)

diff --git a/firehol.sh b/firehol.sh
index 6acb497..f5dba16 100755
--- a/firehol.sh
+++ b/firehol.sh
@@ -238,8 +238,15 @@ ${IPTABLES_CMD} -nxvL >/dev/null 2>&1
 # ----------------------------------------------------------------------
 # Directories and files
 
-# These files will be created and deleted during our run.
-FIREHOL_DIR="/tmp/.firehol-tmp-$$-${RANDOM}-${RANDOM}"
+# Create an empty temporary directory we need for this run.
+if ! FIREHOL_DIR="`mktemp -d -t .firehol-tmp-XXXXXX`"
+then
+            echo >&2
+            echo >&2
+            echo >&2 "Cannot create temporary directory."
+            echo >&2
+            exit 1
+fi
 FIREHOL_CHAINS_DIR="${FIREHOL_DIR}/chains"
 FIREHOL_OUTPUT="${FIREHOL_DIR}/firehol-out.sh"
 FIREHOL_SAVED="${FIREHOL_DIR}/firehol-save.sh"
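Review bot: The `-t` on the added `mktemp -d -t .firehol-tmp-XXXXXX` line makes the directory's location follow `$TMPDIR`, whereas the removed assignment always used `/tmp`. mktemp creates the directory with mode 0700, but that does not protect it from whoever owns its parent, so if this script runs as root with a `TMPDIR` inherited from a less-trusted environment, the files later written under `FIREHOL_DIR` (including `FIREHOL_OUTPUT`) no longer sit in a location root controls. I would pin the parent with `FIREHOL_DIR="$(mktemp -d /tmp/.firehol-tmp-XXXXXX)"`, or add a comment stating that `TMPDIR` is trusted at this point. Nothing in this hunk removes the directory on exit; that is presumably handled elsewhere in firehol.sh and is worth confirming, because each run now creates a uniquely named directory that would otherwise accumulate.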
@@ -329,20 +336,6 @@ then
 	"${CHMOD_CMD}" 700 "${FIREHOL_CONFIG_DIR}/services"
 fi
 
-# Remove any old directories that might be there.
-if [ -d "${FIREHOL_DIR}" ]
-then
-	"${RM_CMD}" -rf "${FIREHOL_DIR}"
-	if [ $? -ne 0 -o -e "${FIREHOL_DIR}" ]
-	then
-		echo >&2
-		echo >&2
-		echo >&2 "Cannot clean temporary directory '${FIREHOL_DIR}'."
-		echo >&2
-		exit 1
-	fi
-fi
-"${MKDIR_CMD}" "${FIREHOL_DIR}"				|| exit 1
 "${MKDIR_CMD}" "${FIREHOL_CHAINS_DIR}"			|| exit 1
 
 # prepare the file that will hold all modules to be loaded.
-- 
1.6.0.4