[Ovirt-devel] [PATCH node] Networking configuration support.
Darryl Pierce
dpierce at redhat.com
Fri Nov 14 13:59:50 UTC 2008
On Thursday 13 November 2008 05:00:33 pm Jim Meyering wrote:
> "Darryl L. Pierce" <dpierce at redhat.com> wrote:
> > This script allows the user to iterate through and edit the
> > network interfaces on the node.
>
> ...
>
> > +# clean up any left over configurations
> > +rm -f /var/tmp/config-augtool
> > +rm -f /var/tmp/augtool-*
>
> This surprised me. A script like this
> should delete only whatever files it creates.
>
> ...
>
> > +# Merge together all generated files and run augtool
> > +
> > +cat /var/tmp/augtool-* > /var/tmp/config-augtool
>
> Oops.
> A malicious user can create arbitrary /var/tmp/augtool-nasty-*
> files, and this script will use them.
>
> Safer would be to use a directory created by mktemp -d,
> and put all files in there.
>
> > +printf "save\n" >> /var/tmp/config-augtool
> > +{
> > +augtool < /var/tmp/config-augtool
> > +service network restart
> > +} > $CONFIG_LOG_FILE 2>> $CONFIG_LOG_FILE
> > \ No newline at end of file
Good suggestion. Since this is already pushed, I'll patch it and submit for
review.
--
Darryl L. Pierce, Sr. Software Engineer
Red Hat, Inc. - http://www.redhat.com/
oVirt - Virtual Machine Management - http://www.ovirt.org/
"What do you care what other people think, Mr. Feynman?"
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part.
URL: <http://listman.redhat.com/archives/ovirt-devel/attachments/20081114/fff821c3/attachment.sig>
More information about the ovirt-devel
mailing list