tags 338920 + patch thanks, Jason Hoover @ 2005-11-13 (Sunday), 15:26 (-0500) > Migrationtools leaves insecure temporary files containing information from > /etc/shadow.
Attached is a patch that calls mktemp at appropriate places. I took the liberty to change the variable names used from TMPDIR to TEMPDIR, as the first one has a special meaning. During a test run it seemed to still work for me, without leaving any world readable files around. -- /Martin
diff -ur migrationtools-46/migrate_all_netinfo_offline.sh migrationtools-46-patched/migrate_all_netinfo_offline.sh
--- migrationtools-46/migrate_all_netinfo_offline.sh 2004-10-28 10:38:46.000000000 +0200
+++ migrationtools-46-patched/migrate_all_netinfo_offline.sh 2005-11-18 18:51:06.982095768 +0100
@@ -39,16 +39,16 @@
 PATH=$PATH:.
 export PATH
-TMPDIR="/tmp"
-ETC_PASSWD="$TMPDIR/passwd.$$.ldap"
-ETC_GROUP="$TMPDIR/group.$$.ldap"
-ETC_SERVICES="$TMPDIR/services.$$.ldap"
-ETC_PROTOCOLS="$TMPDIR/protocols.$$.ldap"
-ETC_FSTAB="$TMPDIR/fstab.$$.ldap"
-ETC_RPC="$TMPDIR/rpc.$$.ldap"
-ETC_HOSTS="$TMPDIR/hosts.$$.ldap"
-ETC_NETWORKS="$TMPDIR/networks.$$.ldap"
-ETC_ALIASES="$TMPDIR/aliases.$$.ldap"
+TEMPDIR="`/bin/mktemp -dt`"
+ETC_PASSWD="$TEMPDIR/passwd.$$.ldap"
+ETC_GROUP="$TEMPDIR/group.$$.ldap"
+ETC_SERVICES="$TEMPDIR/services.$$.ldap"
+ETC_PROTOCOLS="$TEMPDIR/protocols.$$.ldap"
+ETC_FSTAB="$TEMPDIR/fstab.$$.ldap"
+ETC_RPC="$TEMPDIR/rpc.$$.ldap"
+ETC_HOSTS="$TEMPDIR/hosts.$$.ldap"
+ETC_NETWORKS="$TEMPDIR/networks.$$.ldap"
+ETC_ALIASES="$TEMPDIR/aliases.$$.ldap"
 EXIT=no
 question="Enter the NetInfo domain to import from [/]:"
diff -ur migrationtools-46/migrate_all_netinfo_online.sh migrationtools-46-patched/migrate_all_netinfo_online.sh
--- migrationtools-46/migrate_all_netinfo_online.sh 2004-10-28 10:38:46.000000000 +0200
+++ migrationtools-46-patched/migrate_all_netinfo_online.sh 2005-11-18 18:51:22.649713928 +0100
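Review bot: The result of `/bin/mktemp -dt` is never checked, so if the call fails `TEMPDIR` is empty and every `ETC_*` path resolves to the filesystem root (for example `/passwd.$$.ldap`), where a root-run migration would write shadow-derived data under the default umask. The same unchecked assignment appears in the `TEMPDIR=` hunks of the other five `migrate_all_*` wrappers and in the `DB=` lines of `migrate_all_offline.sh` and `migrate_all_online.sh`. Failure is plausible wherever mktemp is not installed at `/bin/mktemp` or its `-t` option expects a prefix argument, as BSD-style implementations do. Abort on failure instead, e.g. ``TEMPDIR="`/bin/mktemp -dt`" || exit 1``. The rest of the script is outside the hunk, so whether the new directory is removed at exit cannot be confirmed from here.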
@@ -39,16 +39,16 @@
 PATH=$PATH:.
 export PATH
-TMPDIR="/tmp"
-ETC_PASSWD="$TMPDIR/passwd.$$.ldap"
-ETC_GROUP="$TMPDIR/group.$$.ldap"
-ETC_SERVICES="$TMPDIR/services.$$.ldap"
-ETC_PROTOCOLS="$TMPDIR/protocols.$$.ldap"
-ETC_FSTAB="$TMPDIR/fstab.$$.ldap"
-ETC_RPC="$TMPDIR/rpc.$$.ldap"
-ETC_HOSTS="$TMPDIR/hosts.$$.ldap"
-ETC_NETWORKS="$TMPDIR/networks.$$.ldap"
-ETC_ALIASES="$TMPDIR/aliases.$$.ldap"
+TEMPDIR="`/bin/mktemp -dt`"
+ETC_PASSWD="$TEMPDIR/passwd.$$.ldap"
+ETC_GROUP="$TEMPDIR/group.$$.ldap"
+ETC_SERVICES="$TEMPDIR/services.$$.ldap"
+ETC_PROTOCOLS="$TEMPDIR/protocols.$$.ldap"
+ETC_FSTAB="$TEMPDIR/fstab.$$.ldap"
+ETC_RPC="$TEMPDIR/rpc.$$.ldap"
+ETC_HOSTS="$TEMPDIR/hosts.$$.ldap"
+ETC_NETWORKS="$TEMPDIR/networks.$$.ldap"
+ETC_ALIASES="$TEMPDIR/aliases.$$.ldap"
 EXIT=no
 question="Enter the NetInfo domain to import from [/]:"
diff -ur migrationtools-46/migrate_all_nis_offline.sh migrationtools-46-patched/migrate_all_nis_offline.sh
--- migrationtools-46/migrate_all_nis_offline.sh 2004-10-28 10:38:46.000000000 +0200
+++ migrationtools-46-patched/migrate_all_nis_offline.sh 2005-11-18 18:51:30.386537752 +0100
@@ -39,16 +39,16 @@
 PATH=$PATH:.
 export PATH
-TMPDIR="/tmp"
-ETC_PASSWD="$TMPDIR/passwd.$$.ldap"
-ETC_GROUP="$TMPDIR/group.$$.ldap"
-ETC_SERVICES="$TMPDIR/services.$$.ldap"
-ETC_PROTOCOLS="$TMPDIR/protocols.$$.ldap"
-ETC_FSTAB="$TMPDIR/fstab.$$.ldap"
-ETC_RPC="$TMPDIR/rpc.$$.ldap"
-ETC_HOSTS="$TMPDIR/hosts.$$.ldap"
-ETC_NETWORKS="$TMPDIR/networks.$$.ldap"
-ETC_ALIASES="$TMPDIR/aliases.$$.ldap"
+TEMPDIR="`mktemp -dt`"
+ETC_PASSWD="$TEMPDIR/passwd.$$.ldap"
+ETC_GROUP="$TEMPDIR/group.$$.ldap"
+ETC_SERVICES="$TEMPDIR/services.$$.ldap"
+ETC_PROTOCOLS="$TEMPDIR/protocols.$$.ldap"
+ETC_FSTAB="$TEMPDIR/fstab.$$.ldap"
+ETC_RPC="$TEMPDIR/rpc.$$.ldap"
+ETC_HOSTS="$TEMPDIR/hosts.$$.ldap"
+ETC_NETWORKS="$TEMPDIR/networks.$$.ldap"
+ETC_ALIASES="$TEMPDIR/aliases.$$.ldap"
 EXIT=no
 question="Enter the NIS domain to import from (optional): "
diff -ur migrationtools-46/migrate_all_nis_online.sh migrationtools-46-patched/migrate_all_nis_online.sh
--- migrationtools-46/migrate_all_nis_online.sh 2004-10-28 10:38:46.000000000 +0200
+++ migrationtools-46-patched/migrate_all_nis_online.sh 2005-11-18 18:51:39.221194680 +0100
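Review bot: The `TEMPDIR=` line in `migrate_all_nis_offline.sh` calls bare `mktemp`, while the netinfo, nis_online and nisplus_offline wrappers call `/bin/mktemp`; `migrate_all_nisplus_online.sh` and `migrate_all_offline.sh` also use the bare name. The bare form is resolved through `PATH`, to which the context lines just above append `.`, so on a host with no system mktemp the lookup falls through to the working directory of a script that is normally run with privileges. Use one form in all eight scripts; if the bare name is kept for portability, resolve it before `.` is added to `PATH`, or drop `.` from `PATH` for this call.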
@@ -40,16 +40,16 @@
 export PATH
-TMPDIR="/tmp"
-ETC_PASSWD="$TMPDIR/passwd.$$.ldap"
-ETC_GROUP="$TMPDIR/group.$$.ldap"
-ETC_SERVICES="$TMPDIR/services.$$.ldap"
-ETC_PROTOCOLS="$TMPDIR/protocols.$$.ldap"
-ETC_FSTAB="$TMPDIR/fstab.$$.ldap"
-ETC_RPC="$TMPDIR/rpc.$$.ldap"
-ETC_HOSTS="$TMPDIR/hosts.$$.ldap"
-ETC_NETWORKS="$TMPDIR/networks.$$.ldap"
-ETC_ALIASES="$TMPDIR/aliases.$$.ldap"
+TEMPDIR="`/bin/mktemp -dt`"
+ETC_PASSWD="$TEMPDIR/passwd.$$.ldap"
+ETC_GROUP="$TEMPDIR/group.$$.ldap"
+ETC_SERVICES="$TEMPDIR/services.$$.ldap"
+ETC_PROTOCOLS="$TEMPDIR/protocols.$$.ldap"
+ETC_FSTAB="$TEMPDIR/fstab.$$.ldap"
+ETC_RPC="$TEMPDIR/rpc.$$.ldap"
+ETC_HOSTS="$TEMPDIR/hosts.$$.ldap"
+ETC_NETWORKS="$TEMPDIR/networks.$$.ldap"
+ETC_ALIASES="$TEMPDIR/aliases.$$.ldap"
 EXIT=no
 question="Enter the NIS domain to import from (optional): "
diff -ur migrationtools-46/migrate_all_nisplus_offline.sh migrationtools-46-patched/migrate_all_nisplus_offline.sh
--- migrationtools-46/migrate_all_nisplus_offline.sh 2004-10-28 10:38:46.000000000 +0200
+++ migrationtools-46-patched/migrate_all_nisplus_offline.sh 2005-11-18 18:51:46.266123688 +0100
@@ -39,17 +39,17 @@
 PATH=$PATH:/usr/lib/nis:.
 export PATH
-TMPDIR="/tmp"
-ETC_PASSWD="$TMPDIR/passwd.$$.ldap"
-ETC_GROUP="$TMPDIR/group.$$.ldap"
-ETC_SERVICES="$TMPDIR/services.$$.ldap"
-ETC_PROTOCOLS="$TMPDIR/protocols.$$.ldap"
-ETC_FSTAB="$TMPDIR/fstab.$$.ldap"
-ETC_RPC="$TMPDIR/rpc.$$.ldap"
-ETC_HOSTS="$TMPDIR/hosts.$$.ldap"
-ETC_NETWORKS="$TMPDIR/networks.$$.ldap"
-ETC_NETGROUP="$TMPDIR/netgroup.$$.ldap"
-ETC_ALIASES="$TMPDIR/aliases.$$.ldap"
+TEMPDIR="`/bin/mktemp -dt`"
+ETC_PASSWD="$TEMPDIR/passwd.$$.ldap"
+ETC_GROUP="$TEMPDIR/group.$$.ldap"
+ETC_SERVICES="$TEMPDIR/services.$$.ldap"
+ETC_PROTOCOLS="$TEMPDIR/protocols.$$.ldap"
+ETC_FSTAB="$TEMPDIR/fstab.$$.ldap"
+ETC_RPC="$TEMPDIR/rpc.$$.ldap"
+ETC_HOSTS="$TEMPDIR/hosts.$$.ldap"
+ETC_NETWORKS="$TEMPDIR/networks.$$.ldap"
+ETC_NETGROUP="$TEMPDIR/netgroup.$$.ldap"
+ETC_ALIASES="$TEMPDIR/aliases.$$.ldap"
 EXIT=no
 question="Enter the NIS+ domain to import from (optional): "
diff -ur migrationtools-46/migrate_all_nisplus_online.sh migrationtools-46-patched/migrate_all_nisplus_online.sh
--- migrationtools-46/migrate_all_nisplus_online.sh 2004-10-28 10:38:46.000000000 +0200
+++ migrationtools-46-patched/migrate_all_nisplus_online.sh 2005-11-18 18:51:52.851122616 +0100
@@ -40,17 +40,17 @@
 export PATH
-TMPDIR="/tmp"
-ETC_PASSWD="$TMPDIR/passwd.$$.ldap"
-ETC_GROUP="$TMPDIR/group.$$.ldap"
-ETC_SERVICES="$TMPDIR/services.$$.ldap"
-ETC_PROTOCOLS="$TMPDIR/protocols.$$.ldap"
-ETC_FSTAB="$TMPDIR/fstab.$$.ldap"
-ETC_RPC="$TMPDIR/rpc.$$.ldap"
-ETC_HOSTS="$TMPDIR/hosts.$$.ldap"
-ETC_NETWORKS="$TMPDIR/networks.$$.ldap"
-ETC_NETGROUP="$TMPDIR/netgroup.$$.ldap"
-ETC_ALIASES="$TMPDIR/aliases.$$.ldap"
+TEMPDIR="`mktemp -dt`"
+ETC_PASSWD="$TEMPDIR/passwd.$$.ldap"
+ETC_GROUP="$TEMPDIR/group.$$.ldap"
+ETC_SERVICES="$TEMPDIR/services.$$.ldap"
+ETC_PROTOCOLS="$TEMPDIR/protocols.$$.ldap"
+ETC_FSTAB="$TEMPDIR/fstab.$$.ldap"
+ETC_RPC="$TEMPDIR/rpc.$$.ldap"
+ETC_HOSTS="$TEMPDIR/hosts.$$.ldap"
+ETC_NETWORKS="$TEMPDIR/networks.$$.ldap"
+ETC_NETGROUP="$TEMPDIR/netgroup.$$.ldap"
+ETC_ALIASES="$TEMPDIR/aliases.$$.ldap"
 EXIT=no
 question="Enter the NIS+ domain to import from (optional): "
diff -ur migrationtools-46/migrate_all_offline.sh migrationtools-46-patched/migrate_all_offline.sh
--- migrationtools-46/migrate_all_offline.sh 2004-10-28 10:38:46.000000000 +0200
+++ migrationtools-46-patched/migrate_all_offline.sh 2005-11-18 18:52:01.406821952 +0100
@@ -41,7 +41,7 @@
 # Luke Howard <[EMAIL PROTECTED]> April 1997
 #
-DB="/tmp/nis.$$.ldif"
+DB="`mktemp -dt`/nis.$$.ldif"
 if [ "X$ETC_ALIASES" = "X" ]; then
 ETC_ALIASES=/etc/aliases
diff -ur migrationtools-46/migrate_all_online.sh migrationtools-46-patched/migrate_all_online.sh
--- migrationtools-46/migrate_all_online.sh 2004-10-28 10:38:46.000000000 +0200
+++ migrationtools-46-patched/migrate_all_online.sh 2005-11-18 18:52:13.561974088 +0100
@@ -38,7 +38,7 @@
 SHELL=/bin/sh
 export SHELL
-DB=/tmp/nis.$$.ldif
+DB=`/bin/mktemp -dt`/nis.$$.ldif
 if [ "X$ETC_ALIASES" = "X" ]; then
 ETC_ALIASES=/etc/aliases
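Review bot: In the `DB=` hunks of `migrate_all_offline.sh` and `migrate_all_online.sh` the directory returned by mktemp is only embedded in the file path, so the script keeps no variable it could remove the directory with, and a failed call silently yields `DB=/nis.$$.ldif`. Holding the directory in its own variable fixes both: ``DBDIR=`mktemp -dt` || exit 1`` followed by `DB="$DBDIR/nis.$$.ldif"`. If nothing needs the LDIF after the script ends, `trap 'rm -rf "$DBDIR"' 0` would keep the password-bearing file from outliving the run; the code that consumes `$DB` is outside both hunks, so that part needs confirming against the full scripts.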