[Bug 238262] Fix net/rtg race condition an possible file tampering

Fri May 31 13:34:47 UTC 2019

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=238262

            Bug ID: 238262
           Summary: Fix net/rtg race condition an possible file tampering
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: Individual Port(s)
          Assignee: ports-bugs at FreeBSD.org
          Reporter: rodrigo at FreeBSD.org
                CC: freebsd-ports at dan.me.uk
                CC: freebsd-ports at dan.me.uk
             Flags: maintainer-feedback?(freebsd-ports at dan.me.uk)

Created attachment 204741
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=204741&action=edit
patch to avoid race condition / file tampering

During the initialization net/rtg uses /tmp/mysql.sql and /tmp/rtg.sql to store
the actions to be performed in the database at the end of the script.

Using well known files can lead to a race condition between two process who
uses the same file names and allow file tampering.

This patch introduces the mktemp command to create the temporary file in safer
way.

-- 
You are receiving this mail because:
You are the assignee for the bug.