Bug 238262 - net/rtg: Fix race condition and possible file tampering
Status: In Progress
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: --- Affects Only Me
Assignee: Rodrigo Osorio
Reported: 2019-05-31 13:34 UTC by Rodrigo Osorio
Modified: 2019-06-14 11:16 UTC (History)

See Also:
bugzilla: maintainer-feedback? (freebsd-ports)
koobs: merge-quarterly?


Attachments
patch to avoid race condition / file tampering (2.43 KB, patch)
2019-05-31 13:34 UTC, Rodrigo Osorio

Description Rodrigo Osorio freebsd_committer 2019-05-31 13:34:44 UTC
Created attachment 204741
patch to avoid race condition / file tampering

During initialization, net/rtg uses /tmp/mysql.sql and /tmp/rtg.sql to store the actions to be performed in the database at the end of the script.

Using well-known files can lead to a race condition between two processes that use the same file names, and allows file tampering.

This patch introduces the mktemp command to create the temporary files in a safer way.
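
The pattern described above, as an added example that is not the attached patch or the port's own code: a script stages SQL in files created by mktemp instead of the fixed names /tmp/mysql.sql and /tmp/rtg.sql. The function names and the SQL statements are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the port): stage SQL in private temp files.
# Function names are hypothetical; SQL statements are constructed samples.

# Weak pattern from the report: fixed, well-known names that any local
# user can create first (as a file or a symlink):
#   echo "..." > /tmp/mysql.sql
#   echo "..." > /tmp/rtg.sql

# Create a private staging file and print its path. mktemp creates the
# file exclusively, with mode 0600 and an unpredictable suffix, so an
# existing file or symlink with that name is never reused.
make_sql_tmp() {
    prefix=$1
    mktemp "${TMPDIR:-/tmp}/${prefix}.XXXXXXXX"
}

# Check done before the file is handed to the database client:
# a regular file, not a symlink, and owned by the current user.
is_private_file() {
    f=$1
    [ -f "$f" ] && [ ! -L "$f" ] && [ -O "$f" ]
}

# Create both staging files, fill them, and print the two paths
# (one per line). The caller removes them, for example with:
#   trap 'rm -f "$mysql_sql" "$rtg_sql"' EXIT
stage_sql() {
    mysql_sql=$(make_sql_tmp mysql.sql) || return 1
    rtg_sql=$(make_sql_tmp rtg.sql) || { rm -f "$mysql_sql"; return 1; }
    printf 'CREATE DATABASE IF NOT EXISTS rtg;\n' > "$mysql_sql"
    printf 'CREATE TABLE IF NOT EXISTS router (rid INT);\n' > "$rtg_sql"
    is_private_file "$mysql_sql" && is_private_file "$rtg_sql" || return 1
    printf '%s\n%s\n' "$mysql_sql" "$rtg_sql"
}
```
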
Comment 1 Kubilay Kocak freebsd_committer freebsd_triage 2019-06-01 07:28:13 UTC
Reporter is committer, assign accordingly
Comment 2 Rodrigo Osorio freebsd_committer 2019-06-14 11:16:22 UTC
Waiting a little bit more for maintainer feedback.