Ignore:
Timestamp:
Sep 23, 2007, 2:41:29 AM (17 years ago)
Author:
Bruno Cornec
Message:

Apply patch from Andree Leidenfrost, modified a bit to use bkpinfo->tmpdir instead of /tmp
or MINDI_CACHE when appropriate. Fix security issues in mondo
Thanks al ot Andree for catching all those issues.
Will not compile needs more work as bkpinfo->tmpdir isn't available everywhere
Should become a global in 3.x when only containing pointers.

File:
1 edited

Legend:

Unmodified
Added
Removed

  • branches/2.2.5/mondo/src/common/libmondo-archive.c

    r1614 r1644  
    14741474    }
    14751475/* if not Debian then go ahead & use fdformat */
    1476     strcpy(tempfile,
    1477            call_program_and_get_last_line_of_output
    1478            ("mktemp -q /tmp/mondo.XXXXXXXX"));
     1476    sprintf(tempfile, "%s/mondo.floppy.log", bkpinfo->tmpdir);
    14791477    sprintf(command, "%s >> %s 2>> %s; rm -f %s", cmd, tempfile, tempfile,
    14801478            tempfile);
     
    31953193    }
    31963194    log_to_screen("Scanning CD-ROM drive...");
    3197     sprintf(mtpt, "/tmp/cd.mtpt.%ld.%ld", (long int) random(),
    3198             (long int) random());
     3195    sprintf(mtpt, "%s/cd.mtpt", bkpinfo->tmpdir);
    31993196    make_hole_for_dir(mtpt);
    32003197
     
    39593956        log_msg(2,
    39603957                "Not verifying again. Per-CD/ISO verification already carried out.");
    3961         paranoid_system
    3962             ("cat /tmp/changed.files.* > /tmp/changed.files 2> /dev/null");
     3958        sprintf(tmp, "cat %s/changed.files > %s/changed.files 2> /dev/null",bkpinfo->tmpdir, MINDI_CACHE);
     3959        paranoid_system(tmp);
    39633960    } else {
    39643961        g_current_media_number = cdno;
     
    39963993*/
    39973994        sprintf(tmp,
    3998                 "grep 'afio: ' %s | sed 's/afio: //' | grep -vE '^/dev/.*$' >> /tmp/changed.files",
    3999                 MONDO_LOGFILE);
     3995                "grep 'afio: ' %s | sed 's/afio: //' | grep -vE '^/dev/.*$' >> %s/changed.files",
     3996                MONDO_LOGFILE, MINDI_CACHE);
    40003997        system(tmp);
    40013998
    40023999        sprintf(tmp,
    4003                 "grep 'star: ' %s | sed 's/star: //' | grep -vE '^/dev/.*$' >> /tmp/changed.files",
    4004                 MONDO_LOGFILE);
     4000                "grep 'star: ' %s | sed 's/star: //' | grep -vE '^/dev/.*$' >> %s/changed.files",
     4001                MONDO_LOGFILE, MINDI_CACHE);
    40054002        system(tmp);
    40064003        run_program_and_log_output("umount " MNT_CDROM, FALSE);
     
    40104007//}
    40114008    }
    4012     diffs = count_lines_in_file("/tmp/changed.files");
     4009    sprintf(tmp, "%s/changed.files", MINDI_CACHE);
     4010    diffs = count_lines_in_file(tmp);
    40134011
    40144012    if (diffs > 0) {
Note: See TracChangeset for help on using the changeset viewer.