Diffusion FreeBSD ports repository rP509206

MFH: r507219
rP509206
Actions

Description

MFH: r507219

Patch createdb script to avoid race condition / file tampering

During the initialization net/rtg uses the /tmp/mysql.sql
and /tmp/rtg.sql to store the SQL commands executed in the
database with special user privileges.

Using well known files can lead to a race condition between
two process who uses the same file names and allow file
tampering by a malicious user.

This fix uses mktemp command to create temporary files
in a safe way

PR: 238262
Submitted by: rodrigo
Approved by: freebsd-ports@dan.me.uk (maintainer timeout)

Approved by: ports-secteam (miwi@)

Details

Provenance

rodrigo

Authored on

Parents

rP509205: Mark net/kio-gdrive broken

Branches

Unknown

Tags

Unknown

Event Timeline

rodrigo committed rP509206: MFH: r507219.Aug 18 2019, 1:03 PM

Changes (3)

Path

Size

branches/

2019Q3/

net/

rtg/

Makefile

files/

patch-etc_createdb.in

rP509206

View Options

branches/2019Q3/

View Options

branches/2019Q3/net/rtg/Makefile

View Options

branches/2019Q3/net/rtg/files/patch-etc_createdb.in

MFH: r507219rP509206Actions

Description

Details

Event Timeline

Changes (3)

rP509206

branches/2019Q3/

branches/2019Q3/net/rtg/Makefile

branches/2019Q3/net/rtg/files/patch-etc_createdb.in

MFH: r507219
rP509206
Actions