Date: Fri, 31 May 2019 13:34:44 +0000 From: bugzilla-noreply@freebsd.org To: ports-bugs@FreeBSD.org Subject: [Bug 238262] Fix net/rtg race condition an possible file tampering Message-ID: <bug-238262-7788@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D238262 Bug ID: 238262 Summary: Fix net/rtg race condition an possible file tampering Product: Ports & Packages Version: Latest Hardware: Any OS: Any Status: New Severity: Affects Only Me Priority: --- Component: Individual Port(s) Assignee: ports-bugs@FreeBSD.org Reporter: rodrigo@FreeBSD.org CC: freebsd-ports@dan.me.uk CC: freebsd-ports@dan.me.uk Flags: maintainer-feedback?(freebsd-ports@dan.me.uk) Created attachment 204741 --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=3D204741&action= =3Dedit patch to avoid race condition / file tampering During the initialization net/rtg uses /tmp/mysql.sql and /tmp/rtg.sql to s= tore the actions to be performed in the database at the end of the script. Using well known files can lead to a race condition between two process who uses the same file names and allow file tampering. This patch introduces the mktemp command to create the temporary file in sa= fer way. --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-238262-7788>