| From 545db8cd292957158bf3fa1c1c370e4be83c6688 Mon Sep 17 00:00:00 2001 |
| From: Robert Buchholz <rbu@goodpoint.de> |
| Date: Tue, 6 Jan 2009 23:26:00 +0100 |
| Subject: [PATCH] Use mktemp instead of relying that $$-$RANDOM-$RANDOM does not exist. |
| |
| References: |
| * CVE-2008-4953 |
| * https://bugs.gentoo.org/246013 |
| --- |
| firehol.sh | 25 +++++++++---------------- |
| 1 files changed, 9 insertions(+), 16 deletions(-) |
| |
| diff --git a/firehol.sh b/firehol.sh |
| index 6acb497..f5dba16 100755 |
| --- a/firehol.sh |
| +++ b/firehol.sh |
| @@ -238,8 +238,15 @@ ${IPTABLES_CMD} -nxvL >/dev/null 2>&1 |
| # ---------------------------------------------------------------------- |
| # Directories and files |
| |
| -# These files will be created and deleted during our run. |
| -FIREHOL_DIR="/tmp/.firehol-tmp-$$-${RANDOM}-${RANDOM}" |
| +# Create an empty temporary directory we need for this run. |
| +if ! FIREHOL_DIR="`mktemp -d -t .firehol-tmp-XXXXXX`" |
| +then |
| + echo >&2 |
| + echo >&2 |
| + echo >&2 "Cannot create temporary directory." |
| + echo >&2 |
| + exit 1 |
| +fi |
| FIREHOL_CHAINS_DIR="${FIREHOL_DIR}/chains" |
| FIREHOL_OUTPUT="${FIREHOL_DIR}/firehol-out.sh" |
| FIREHOL_SAVED="${FIREHOL_DIR}/firehol-save.sh" |
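Review bot: The `mktemp` call in the new `if` is invoked by bare name, while the other external tools visible in this patch go through `"${MKDIR_CMD}"`, `"${CHMOD_CMD}"` and `"${RM_CMD}"`, so in a script that normally runs as root this one lookup depends on PATH. Those variables are presumably resolved elsewhere in firehol.sh (not visible in the hunk); mktemp should be resolved the same way, for example through a new variable such as `MKTEMP_CMD` (a suggested name, not one from the file). Separately, `-t` combined with a template is marked deprecated by GNU mktemp and is treated as a prefix by BSD mktemp, and it silently places the directory under `$TMPDIR` when that is set. Spelling the location out, as in `mktemp -d "${TMPDIR:-/tmp}/.firehol-tmp-XXXXXX"`, keeps the atomic creation this patch introduces, behaves the same on both implementations, and makes the `$TMPDIR` dependency visible to the reader.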
| @@ -329,20 +336,6 @@ then |
| "${CHMOD_CMD}" 700 "${FIREHOL_CONFIG_DIR}/services" |
| fi |
| |
| -# Remove any old directories that might be there. |
| -if [ -d "${FIREHOL_DIR}" ] |
| -then |
| - "${RM_CMD}" -rf "${FIREHOL_DIR}" |
| - if [ $? -ne 0 -o -e "${FIREHOL_DIR}" ] |
| - then |
| - echo >&2 |
| - echo >&2 |
| - echo >&2 "Cannot clean temporary directory '${FIREHOL_DIR}'." |
| - echo >&2 |
| - exit 1 |
| - fi |
| -fi |
| -"${MKDIR_CMD}" "${FIREHOL_DIR}" || exit 1 |
| "${MKDIR_CMD}" "${FIREHOL_CHAINS_DIR}" || exit 1 |
| |
| # prepare the file that will hold all modules to be loaded. |
| -- |
| 1.6.0.4 |
| |