Package: flexbackup
Followup-For: Bug #334350

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Gentoo has two patches for this issue.  The first [1], attached to bug
#105000 [2], is supposedly from Debian, but was apparently never
uploaded.  The patch reportedly breaks remote backups [3], though, and
bug #116510 [4] has a patch [5] that fixes both the original
vulnerability and the subsequent issues with remote backup.  The second
patch applies cleanly to Debian's version, but I have not tested it.

The second patch is attached unmodified.

[1] http://bugs.gentoo.org/attachment.cgi?id=69694&action=view
[2] http://bugs.gentoo.org/show_bug.cgi?id=105000
[3] http://bugs.gentoo.org/show_bug.cgi?id=105000#c15
[4] http://bugs.gentoo.org/show_bug.cgi?id=116510
[5] http://bugs.gentoo.org/attachment.cgi?id=86773&action=view


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)

iD8DBQFEaJfEAud/2YgchcQRAgvBAJ94NMAlnvYNvVNykdoTB8ftmcfmbACdHBsg
8TsMQ1YhxSSi5H+TAcSSYXQ=
=M/2d
-----END PGP SIGNATURE-----
--- flexbackup  2003-10-10 07:12:09.000000000 -0700
+++ /usr/bin/flexbackup 2006-05-14 13:14:54.000000000 -0700
@@ -269,6 +269,7 @@
     untie(%::index);
 }
 
+system ('rm', '-rf', $cfg::tmpdir);
 exit(0);
 
 ######################################################################
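Review bot: The cleanup added before `exit(0)` covers only this normal exit path, so a `die` or early exit elsewhere in the script (not visible in this hunk) would leave the per-run directory behind; an `END` block would also cover those paths. The call also resolves `rm` through `$PATH` while the other hunks use `$::path{rm}`, and its status is ignored. Assuming `$::path{rm}` is populated by this point, `system($::path{rm}, '-rf', $cfg::tmpdir) == 0 or warn "could not remove $cfg::tmpdir\n";` keeps the shell-free list form and reports a failed removal.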
@@ -811,6 +812,11 @@
        ($remove, @cmds) = &backup_filelist($label, $localdir, $title, $level, 
$remote);
     }
 
+       if(defined($remote)) {
+               # create our temporary directory as first remote command
+               unshift(@cmds, &maybe_remote_cmd("$::path{mkdir} -p 
$cfg::tmpdir", $remote));
+       }
+
     # Nuke any tmp files used in the above routines
     if ($remove ne '') {
        push(@cmds, &maybe_remote_cmd("$::path{rm} -f $remove", $remote));
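Review bot: The remote `mkdir -p $cfg::tmpdir` in the added block succeeds even when the path already exists, so the remote side could silently work inside a directory it did not create and whose name (PID plus hostname) is predictable. That is the same class of temp-file problem the patch closes locally. Dropping `-p` and fixing the mode, e.g. `"$::path{mkdir} -m 700 $cfg::tmpdir"`, makes the command fail instead; this assumes the parent directory exists on the remote host, which the hunk does not show. The path is also interpolated unquoted into the command string, here and in the `rm -rf` added in the next hunk (new line 833 onward), so a configured `$tmpdir` containing spaces or shell metacharacters would be split or interpreted by the remote shell.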
@@ -827,6 +833,11 @@
            push(@cmds, &maybe_remote_cmd("$::path{rm} -f $pkglist", $remote));
        }
     }
+       
+       if(defined($remote)) {
+               # remove temporary directory as our last remote command
+               push(@cmds, &maybe_remote_cmd("$::path{rm} -rf $cfg::tmpdir", 
$remote));
+       }
 
     # Strip multiple spaces
     foreach my $cmd (@cmds) {
@@ -2750,8 +2761,9 @@
     $::path{'find'} = &checkinpath('find');
     $::path{'dd'} = &checkinpath('dd');
     $::path{'printf'} = &checkinpath('printf');
+    $::path{'mkdir'} = &checkinpath('mkdir');
 
-    
push(@::remoteprogs,($::path{'touch'},$::path{'rm'},$::path{'find'},$::path{'printf'}));
+    
push(@::remoteprogs,($::path{'touch'},$::path{'rm'},$::path{'find'},$::path{'printf'},$::path{'mkdir'}));
 
     # Check device (or dir)
     $::ftape = 0;
@@ -3442,6 +3454,15 @@
        push(@::errors,"\$tmpdir $cfg::tmpdir is not writable");
     }
 
+       $cfg::hostname = `hostname`;
+       chomp($cfg::hostname);
+
+       # Use a subdirectory of the user-specified directory as our tmpdir
+       # Also note that we make it closer to globally unique as we sometimes
+       # use this variable for remote systems, so PID isn't enough
+    $cfg::tmpdir = $cfg::tmpdir .'/flexbackup.'.$$.'.'.$cfg::hostname;
+    mkdir ($cfg::tmpdir) || die "Can't create temporary directory, $!";
+
     # Levels
     if (defined($::opt{'level'}) and
        (defined($::opt{'incremental'}) or
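Review bot: `mkdir ($cfg::tmpdir)` passes no mode, so the directory's permissions depend on the caller's umask and it may be readable or searchable by other local users; pass the mode explicitly with `mkdir($cfg::tmpdir, 0700) or die "Can't create temporary directory $cfg::tmpdir: $!";`. Plain `mkdir` failing on an existing path is what rejects a pre-created directory, so a comment saying that this is intentional would help the next maintainer. The output of `hostname` goes into the path unchecked and later into shell command strings, so it should be validated first, for example against `/\A[\w.-]+\z/`. The block also runs right after the "not writable" check has pushed onto `@::errors`, so the script dies here instead of reporting the collected errors; the enclosing routine starts and ends outside the hunk.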
@@ -5236,8 +5257,8 @@
     # Create a script which tests the buffer program
     open(SCR,"> $tmp_script") || die;
     print SCR "#!/bin/sh\n";
-    print SCR "tmp_data=/tmp/bufftest\$\$.txt\n";
-    print SCR "tmp_err=/tmp/bufftest\$\$.err\n";
+    print SCR "tmp_data=\`tempfile\`\n";
+    print SCR "tmp_err=\`tempfile\`\n";
     print SCR "echo testme > \$tmp_data\n";
     print SCR "$buffer_cmd > /dev/null 2> \$tmp_err < \$tmp_data\n";
     print SCR "res=\$?\n";
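Review bot: The generated script now depends on `tempfile`, which comes from Debian's debianutils and is not guaranteed to exist wherever the script runs, and neither assignment is checked. If the command is missing, `tmp_data` and `tmp_err` end up empty and the redirections that follow fail or behave unexpectedly. `mktemp` is more widely available; `print SCR "tmp_data=\$(mktemp) || exit 1\n";` (and the same for `tmp_err`) keeps the unpredictable name and stops on failure. Whether the two files are removed afterwards is outside the hunk.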
