[Ovirt-devel] [PATCH node] Networking configuration support.
Jim Meyering
jim at meyering.net
Thu Nov 13 22:00:33 UTC 2008
"Darryl L. Pierce" <dpierce at redhat.com> wrote:
> This script allows the user to iterate through and edit the
> network interfaces on the node.
...
> +# clean up any left over configurations
> +rm -f /var/tmp/config-augtool
> +rm -f /var/tmp/augtool-*
This surprised me. A script like this
should delete only whatever files it creates.
...
> +# Merge together all generated files and run augtool
> +
> +cat /var/tmp/augtool-* > /var/tmp/config-augtool
Oops.
A malicious user can create arbitrary /var/tmp/augtool-nasty-*
files, and this script will use them.
Safer would be to use a directory created by mktemp -d,
and put all files in there.
> +printf "save\n" >> /var/tmp/config-augtool
> +{
> +augtool < /var/tmp/config-augtool
> +service network restart
> +} > $CONFIG_LOG_FILE 2>> $CONFIG_LOG_FILE
> \ No newline at end of file
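Review bot: In the final { ... } group, service network restart runs unconditionally, even when augtool exits with an error on the merged script. Chain the two (augtool < /var/tmp/config-augtool && service network restart) or test augtool's exit status before restarting. The redirection > $CONFIG_LOG_FILE 2>> $CONFIG_LOG_FILE opens the log twice through an unquoted variable; > "$CONFIG_LOG_FILE" 2>&1 does the same job with one open. These lines also append to and read from the fixed path /var/tmp/config-augtool, so they need to move together with the cat line if the fragments go into a private directory. The file is missing its trailing newline.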
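The mktemp -d approach suggested in the reply above, sketched as an added example that is not part of the original thread or of the oVirt patch. The function name build_augtool_script, the net-config.XXXXXX template and the fragment contents are assumptions made for illustration; augtool and the network restart are deliberately not invoked.

```shell
#!/bin/sh
# Added example (not from the patch). Names and fragment contents are
# constructed for illustration; nothing here runs augtool or restarts networking.

# Build the merged augtool script from fragments kept in a private directory.
# Arguments: one augtool command per argument. Output: merged script on stdout.
# The body is a subshell, so the EXIT trap fires when the function returns.
build_augtool_script() (
    umask 077
    # mktemp -d creates a new mode-0700 directory with an unpredictable name,
    # so other local users cannot pre-create it or drop files into it.
    workdir=$(mktemp -d "${TMPDIR:-/var/tmp}/net-config.XXXXXX") || exit 1
    # Remove only what this function created, including on early exit.
    trap 'rm -rf "$workdir"' EXIT

    n=0
    for cmd in "$@"; do
        n=$((n + 1))
        printf '%s\n' "$cmd" > "$workdir/augtool-$(printf '%03d' "$n")" || exit 1
    done

    # The glob is expanded inside the private directory only, so a file such
    # as /var/tmp/augtool-nasty-1 planted by another user is never merged.
    if [ "$n" -gt 0 ]; then
        cat "$workdir"/augtool-* > "$workdir/config-augtool" || exit 1
    else
        : > "$workdir/config-augtool"
    fi
    printf 'save\n' >> "$workdir/config-augtool"
    cat "$workdir/config-augtool"
)
```
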