From cbfbb0c21a2b6df650b0b8897f4c256d3edb62ce Mon Sep 17 00:00:00 2001
From: Kienan Stewart
Date: Wed, 20 Jun 2018 17:45:16 -0400
Subject: [PATCH] Use mktemp to get the filename for storing the templating script

Using a fixed string could allow for abuse by anyone who has access to /tmp. One could place a symbolic link to any file to cause it to be overwritten when alternc.install is run.
---
 install/alternc.install | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/install/alternc.install b/install/alternc.install
index 5b40707a..07c86175 100755
--- a/install/alternc.install
+++ b/install/alternc.install
@@ -259,9 +259,7 @@ PUBLIC_IP_BEGIN=$(echo $PUBLIC_IP|cut -c 1)
 # Secret for PhpMyAdmin sessions
 PHPMYADMIN_BLOWFISH="$(generate_string 32)"
-# XXX: I assume this is secure if /tmp is sticky (+t)
-# we should have a better way to deal with templating, of course.
-SED_SCRIPT="/tmp/alternc.install.sedscript"
+SED_SCRIPT=$(mktemp)
 # Escape passwords for sed and restore afterwards
 # Escaping '&' and '|' since those are used as special characters
 MYSQL_PASS_ORIG="$MYSQL_PASS"
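Review bot: The new `SED_SCRIPT=$(mktemp)` line does not check that mktemp succeeded, so if it fails (full or read-only TMPDIR, missing binary) SED_SCRIPT is empty and every later redirection or `sed -f "$SED_SCRIPT"` operates on an empty path rather than aborting the install. The surrounding comments ("Escape passwords for sed") suggest this file will hold escaped database passwords, so it should also be reliably removed on every exit path, not only on the success path; whether the rest of the script already does that is outside this hunk. I would change the line to `SED_SCRIPT=$(mktemp) || { echo "alternc.install: mktemp failed" >&2; exit 1; }` and follow it with `trap 'rm -f -- "$SED_SCRIPT"' EXIT`, which also covers the case where the script is interrupted before its own cleanup. mktemp creates the file 0600 in the caller's TMPDIR, which resolves the symlink-clobber issue the commit describes; the failure and cleanup handling is the part still missing. The enclosing script continues outside the hunk in both directions.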