[Bug 238262] Fix net/rtg race condition an possible file tampering
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Fri May 31 13:34:47 UTC 2019
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=238262
Bug ID: 238262
Summary: Fix net/rtg race condition an possible file tampering
Product: Ports & Packages
Version: Latest
Hardware: Any
OS: Any
Status: New
Severity: Affects Only Me
Priority: ---
Component: Individual Port(s)
Assignee: ports-bugs at FreeBSD.org
Reporter: rodrigo at FreeBSD.org
CC: freebsd-ports at dan.me.uk
CC: freebsd-ports at dan.me.uk
Flags: maintainer-feedback?(freebsd-ports at dan.me.uk)
Created attachment 204741
--> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=204741&action=edit
patch to avoid race condition / file tampering
During the initialization net/rtg uses /tmp/mysql.sql and /tmp/rtg.sql to store
the actions to be performed in the database at the end of the script.
Using well known files can lead to a race condition between two process who
uses the same file names and allow file tampering.
This patch introduces the mktemp command to create the temporary file in safer
way.
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the freebsd-ports-bugs
mailing list