FreeBSD Bugzilla – Attachment 204741 Details for
Bug 238262
net/rtg: Fix race condition an possible file tampering
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
patch to avoid race condition / file tampering
net_rtg.patch (text/plain), 2.43 KB, created by
Rodrigo Osorio
on 2019-05-31 13:34:44 UTC
(
hide
)
Description:
patch to avoid race condition / file tampering
Filename:
MIME Type:
Creator:
Rodrigo Osorio
Created:
2019-05-31 13:34:44 UTC
Size:
2.43 KB
patch
obsolete
>Index: Makefile >=================================================================== >--- Makefile (revision 503172) >+++ Makefile (working copy) >@@ -3,7 +3,7 @@ > > PORTNAME= rtg > PORTVERSION= 0.7.4 >-PORTREVISION= 18 >+PORTREVISION= 19 > CATEGORIES= net > MASTER_SITES= SF \ > ftp://ftpmirror.uk/freebsd-ports/rtg/ >Index: files/patch-etc_createdb.in >=================================================================== >--- files/patch-etc_createdb.in (revision 503172) >+++ files/patch-etc_createdb.in (working copy) >@@ -1,20 +1,32 @@ >---- etc/createdb.in.orig 2018-04-02 22:52:32 UTC >+--- etc/createdb.in.orig 2003-01-22 19:07:02 UTC > +++ etc/createdb.in >-@@ -23,11 +23,8 @@ echo "" >+@@ -15,6 +15,8 @@ >+ RTGPASS="rtgdefault" >+ DATABASE="rtg" >+ USER="snmp" >++MYSQL_FILE=`mktemp -q /tmp/mysql.XXXXXX` >++RTG_FILE=`mktemp -q /tmp/rtg.XXXXXX` > >+ echo "" >+ echo "$0 setting up MySQL database for RTG." >+@@ -22,103 +24,98 @@ >+ echo "" >+ > # Create the necessary SQL in two /tmp files >- cat <<EOT >/tmp/mysql.sql >+-cat <<EOT >/tmp/mysql.sql > -INSERT INTO user (Host, User, Password) VALUES ('$HOST','$USER',PASSWORD("$RTGPASS")); > -INSERT INTO db (Host, Db, User, Select_priv, Insert_priv, Update_priv, Delete_priv, > -Create_priv, Drop_priv, Grant_priv, References_priv, Index_priv, Alter_priv) > -VALUES ('$HOST','$DATABASE','$USER','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y'); > -FLUSH PRIVILEGES; >++cat <<EOT >$MYSQL_FILE > +CREATE USER '$USER'@'$HOST' IDENTIFIED BY '$RTG_PASS'; > +GRANT ALL ON '$DATABASE'.* TO '$USER'@'$HOST'; > EOT > >- cat <<EOT >/tmp/rtg.sql >-@@ -35,81 +32,81 @@ cat <<EOT >/tmp/rtg.sql >+-cat <<EOT >/tmp/rtg.sql >++cat <<EOT >$RTG_FILE >+ # > # Table structure for table 'router' > # > >@@ -135,12 +147,14 @@ > ); > EOT > >-@@ -117,8 +114,6 @@ echo "Adding user \"$USER\" to MySQL dat >- cat /tmp/mysql.sql | $MYSQLBIN/mysql -u root -p$ROOTPASS mysql >+ echo "Adding user \"$USER\" to MySQL database..." >+-cat /tmp/mysql.sql | $MYSQLBIN/mysql -u root -p$ROOTPASS mysql >++cat $MYSQL_FILE | $MYSQLBIN/mysql -u root -p$ROOTPASS mysql > echo "Creating RTG database \"$DATABASE\"..." > $MYSQLBIN/mysqladmin -u root -p$ROOTPASS create $DATABASE > -echo "Reloading MySQL privileges..." > -$MYSQLBIN/mysqladmin -u root -p$ROOTPASS flush-privileges > echo "Creating RTG tables..." >- cat /tmp/rtg.sql | $MYSQLBIN/mysql -u $USER -p$RTGPASS $DATABASE >+-cat /tmp/rtg.sql | $MYSQLBIN/mysql -u $USER -p$RTGPASS $DATABASE >++cat $RTG_FILE | $MYSQLBIN/mysql -u $USER -p$RTGPASS $DATABASE > echo "Done."
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=204741">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 238262
: 204741