lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: <1192179407-22461-4-git-send-email-andreas@fatal.se>
Date:	Fri, 12 Oct 2007 10:56:39 +0200
From:	Andreas Henriksson <andreas@...al.se>
To:	shemminger@...ux-foundation.org
Cc:	netdev@...r.kernel.org,
	Javier Fernández-Sanguino Peña 
	<jfs@...puter.org>, Andreas Henriksson <andreas@...al.se>
Subject: [PATCH 04/12] Fix up various problems in netbug script.

From: Javier Fernández-Sanguino Peña <jfs@...puter.org>

Fix race conditions and temporary file symlink attacks.
See http://bugs.debian.org/289541

Additional improvements by Allard Hoeve <allard@...e.nl> and others.
See http://bugs.debian.org/313540, http://bugs.debian.org/313541,
and http://bugs.debian.org/313544.

Signed-off-by: Andreas Henriksson <andreas@...al.se>
---
 misc/netbug |   24 ++++++++----------------
 1 files changed, 8 insertions(+), 16 deletions(-)

diff --git a/misc/netbug b/misc/netbug
index 6d13c8e..7b6ecea 100644
--- a/misc/netbug
+++ b/misc/netbug
@@ -1,23 +1,16 @@
 #! /bin/bash
 
+set -e
+
 echo -n "Send network configuration summary to [ENTER means kuznet@....inr.ac.ru] "
 IFS="" read mail || exit 1
 [ -z "$mail" ] && mail=kuznet@....inr.ac.ru
 
+netbug=`mktemp -d -t netbug.XXXXXX` || (echo "$0: Cannot create temporary directory" >&2; exit 1; )
+netbugtar=`tempfile -d $netbug --suffix=tar.gz` || (echo "$0: Cannot create temporary file" >&2; exit 1; )
+tmppath=$netbug
+trap "/bin/rm -rf $netbug $netbugtar" 0 1 2 3 13 15
 
-netbug=""
-while [ "$netbug" = "" ]; do
-	netbug=`echo netbug.$$.$RANDOM`
-	if [ -e /tmp/$netbug ]; then
-		netbug=""
-	fi
-done
-
-tmppath=/tmp/$netbug
-
-trap "rm -rf $tmppath $tmppath.tar.gz" 0 SIGINT
-
-mkdir $tmppath
 mkdir $tmppath/net
 
 cat /proc/slabinfo > $tmppath/slabinfo
@@ -44,9 +37,8 @@ if [ -e /proc/net/tcp6 ]; then
 fi
 
 cd /tmp
-tar c $netbug | gzip -9c > $netbug.tar.gz
-
-uuencode $netbug.tar.gz $netbug.tar.gz | mail -s $netbug "$mail"
+tar c $tmppath | gzip -9c > $netbugtar
+uuencode $netbugtar $netbugtar | mail -s $netbug "$mail"
 
 echo "Sending to <$mail>; subject is $netbug"
 
-- 
1.5.3.4

-
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ