diff options
| author | jh <jh@FreeBSD.org> | 2010-03-13 12:02:44 +0000 |
|---|---|---|
| committer | jh <jh@FreeBSD.org> | 2010-03-13 12:02:44 +0000 |
| commit | 869edd8e6abb6dae1fd51dcdbd97e7f9254a3145 (patch) | |
| tree | 67df7f41616a0f65873f0e69c2c6499e9979533c /etc | |
| parent | 9c66077065013a46ce0156bd4524ddd6b5444ae8 (diff) | |
| download | FreeBSD-src-869edd8e6abb6dae1fd51dcdbd97e7f9254a3145.zip FreeBSD-src-869edd8e6abb6dae1fd51dcdbd97e7f9254a3145.tar.gz | |
Use an unique directory name instead of hardcoded /tmp/.diskless.
A malicious user could create a file named /tmp/.diskless and cause
the script to misbehave.
PR: conf/141258
Reported by: Jon Passki
MFC after: 1 week
Diffstat (limited to 'etc')
| -rwxr-xr-x | etc/rc.d/tmp | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/etc/rc.d/tmp b/etc/rc.d/tmp index abf53ac..282709e 100755 --- a/etc/rc.d/tmp +++ b/etc/rc.d/tmp @@ -51,8 +51,8 @@ case "${tmpmfs}" in [Nn][Oo]) ;; *) - if /bin/mkdir -p /tmp/.diskless 2> /dev/null; then - rmdir /tmp/.diskless + if _tmpdir=$(mktemp -d -q /tmp/.diskless.XXXXXX); then + rmdir ${_tmpdir} else if [ -h /tmp ]; then echo "*** /tmp is a symlink to a non-writable area!" |
