#! /bin/sh /usr/share/dpatch/dpatch-run
## 23_debug_tmpfile.dpatch by <martin.pitt@ubuntu.com>
##
## All lines beginning with `## DP:' are a description of the patch.
## DP: No description.
@DPATCH@
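--- a/rscsi/rscsi.c
+++ b/rscsi/rscsi.c
@@ -169,8 +169,18 @@
 * XXX and for this reason a possible security risk would have been
 * XXX introduced by the administrator.
 */
- if (debug_name != NULL)
- debug_file = fopen(debug_name, "w");
+ if (debug_name != NULL) {
+ /* Try to be careful when opening debug files, might be
+ * created in an unsafe location
+ * */
+ int fd = open(debug_name, O_CREAT | O_EXCL | O_TRUNC | O_RDWR, 0600);
+ if (fd > -1)
+ debug_file = fdopen(fd, "w");
+ else {
+ rscsirespond(-1, geterrno());
+ exit(EX_BAD);
+ }
+ }
 
 if (argc > 0) {
 if (debug_file == 0) {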
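Review bot: The result of `fdopen(fd, "w")` is not checked in the new `if (fd > -1)` branch, so a failure there leaves `debug_file` NULL with the descriptor still open, and the program appears to carry on without the debug log the administrator asked for; handling it like the `open()` failure (respond, then `exit(EX_BAD)`) would be consistent. `O_CREAT | O_EXCL` is what addresses the symlink risk described in the rscsi.dfl comment, because the open fails instead of following a pre-placed link, but it also means a debug file left over from an earlier run now makes rscsi exit, which deserves a line in the code comment. `O_TRUNC` has no effect on a file that `O_EXCL` guarantees is new, and `O_WRONLY` is enough for a stream opened with "w", so the call could read `open(debug_name, O_CREAT | O_EXCL | O_WRONLY, 0600)`. The enclosing function starts and ends outside the hunk, and whether `<fcntl.h>` is already included cannot be seen from here.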
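--- a/rscsi/rscsi.dfl
+++ b/rscsi/rscsi.dfl
@@ -9,17 +9,15 @@
 
 #
 # The file where debug info should go to.
-# If you don't like debugging (e.g. for speed) comment out
-# the this line.
+# This is commented out by default to speed up the program.
+# If you enable it make sure you substitute SAFE_DIR to a safe directory
+# to debug to.
 #
 # Note that rscsi runs as root and thus may be able to overwrite any file.
 # Be sure not to allow other people to replace the debug file by a symlink
-# to e.g. /etc/passwd. If your system supports append only directories, this
-# may be done by "chmod +t /tmp". If you are not sure, do never use /tmp
-# but a different directory that is safe against modifications by non root
-# users.
+# to e.g. /etc/passwd.
 #
-#DEBUG=/tmp/RSCSI
+#DEBUG=SAFE_DIR/rscsi.dbg
 
 #
 # Each USER= entry adds the listed user to the users who may run rscsi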
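Review bot: The new wording asks the administrator to substitute a "safe directory" but the deleted lines were the only place that said what safe means here, namely a directory that non-root users cannot modify. Because rscsi.c in this same patch now opens the file with `O_CREAT | O_EXCL`, the comment should also say that the debug file must not already exist, otherwise rscsi exits at start-up. A line before `#DEBUG=` would cover both: `# SAFE_DIR must be writable by root only; the debug file must not exist when rscsi starts.`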