From: Kern Sibbald Date: Mon, 19 Sep 2005 17:07:08 +0000 (+0000) Subject: - Fix handling of temp file in mtx_changer.in, reported as X-Git-Tag: Release-1.38.0~106 X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=2813f60951e4db9d256a642794bc6e3427d8691c;p=bacula%2Fbacula - Fix handling of temp file in mtx_changer.in, reported as a security bug, but it is not really. Bug #422 - Fix security problem of handling temp file in randpass. Bug #422. - During label/relabel, add new_volume to VOLRES list in SD. git-svn-id: https://bacula.svn.sourceforge.net/svnroot/bacula/trunk@2398 91ce42f0-d328-0410-95d8-f526ca767f89 --- diff --git a/bacula/autoconf/randpass b/bacula/autoconf/randpass index b233e24efc..af30bfb929 100755 --- a/bacula/autoconf/randpass +++ b/bacula/autoconf/randpass @@ -8,7 +8,14 @@ if test "x$1" = "x" ; then else PWL=$1 fi -tmp=/tmp/p.tmp.$$ +tmp=`mktemp randpass.XXXXXXXXXX` +if test x$tmp = x; then + tmp=/tmp/p.tmp.$$ + if test -f $tmp; then + echo "Temp file security problem on: $tmp" + exit 1 + fi +fi cp autoconf/randpass.bc $tmp ps | sum | tr -d ':[:alpha:] ' | sed 's/^/k=/' >>$tmp date | tr -d ':[:alpha:] ' | sed 's/^/k=k*/' >>$tmp diff --git a/bacula/kes-1.37 b/bacula/kes-1.37 index 72014d6f53..1deda0081c 100644 --- a/bacula/kes-1.37 +++ b/bacula/kes-1.37 @@ -4,6 +4,12 @@ General: Changes to 1.37.39: +19Sep05 +- Fix handling of temp file in mtx_changer.in, reported as + a security bug, but it is not really. Bug #422 +- Fix security problem of handling temp file in randpass. + Bug #422. +- During label/relabel, add new_volume to VOLRES list in SD. 18Sep05 - Apply Landon's patch for the TLS ANS1 API change. - Remove old code. diff --git a/bacula/scripts/mtx-changer.in b/bacula/scripts/mtx-changer.in index ae27f52291..49bdd1587a 100644 --- a/bacula/scripts/mtx-changer.in +++ b/bacula/scripts/mtx-changer.in @@ -35,8 +35,14 @@ # MTX=@MTX@ -# Set this to a directory that only the SD can read/write -TMPDIR=@working_dir@ +TMPFILE=`mktemp mtx.XXXXXXXXXX` +if test x${TMPFILE} = x; then + TMPFILE="@working_dir@/mtx.$$" + if test -f ${TMPFILE}; then + echo "Temp file security problem on: ${TMPFILE}" + exit 1 + fi +fi # # The purpose of this function to wait a maximum @@ -74,6 +80,7 @@ slot=$3 device=$4 drive=$5 + # # Check for special cases where only 2 arguments are needed, # all others are a minimum of 3 @@ -115,11 +122,11 @@ case $cmd in list) # echo "Doing mtx -f $ctl -- to list volumes" - ${MTX} -f $ctl status >${TMPDIR}/mtx.$$ + ${MTX} -f $ctl status >${TMPFILE} rtn=$? - cat ${TMPDIR}/mtx.$$ | grep " *Storage Element [0-9]*:.*Full" | awk "{print \$3 \$4}" | sed "s/Full *\(:VolumeTag=\)*//" - cat ${TMPDIR}/mtx.$$ | grep "^Data Transfer Element [0-9]*:Full (Storage Element [0-9]" | awk '{printf "%s:%s\n",$7,$10}' - rm -f ${TMPDIR}/mtx.$$ 2>&1 >/dev/null + cat ${TMPFILE} | grep " *Storage Element [0-9]*:.*Full" | awk "{print \$3 \$4}" | sed "s/Full *\(:VolumeTag=\)*//" + cat ${TMPFILE} | grep "^Data Transfer Element [0-9]*:Full (Storage Element [0-9]" | awk '{printf "%s:%s\n",$7,$10}' + rm -f ${TMPFILE} 2>&1 >/dev/null # # If you have a VXA PacketLoader and the above does not work, try # turning it off and enabling the following line. @@ -129,11 +136,11 @@ case $cmd in loaded) # echo "Doing mtx -f $ctl $drive -- to find what is loaded" - ${MTX} -f $ctl status >${TMPDIR}/mtx.$$ + ${MTX} -f $ctl status >${TMPFILE} rtn=$? - cat ${TMPDIR}/mtx.$$ | grep "^Data Transfer Element $drive:Full" | awk "{print \$7}" - cat ${TMPDIR}/mtx.$$ | grep "^Data Transfer Element $drive:Empty" | awk "{print 0}" - rm -f ${TMPDIR}/mtx.$$ 2>&1 >/dev/null + cat ${TMPFILE} | grep "^Data Transfer Element $drive:Full" | awk "{print \$7}" + cat ${TMPFILE} | grep "^Data Transfer Element $drive:Empty" | awk "{print 0}" + rm -f ${TMPFILE} 2>&1 >/dev/null exit $rtn ;; diff --git a/bacula/src/stored/label.c b/bacula/src/stored/label.c index 2ca577c680..993a8c53d6 100644 --- a/bacula/src/stored/label.c +++ b/bacula/src/stored/label.c @@ -353,6 +353,7 @@ bool write_new_volume_label_to_dev(DCR *dcr, const char *VolName, const char *Po if (debug_level >= 20) { dump_volume_label(dev); } + new_volume(dcr, VolName); dev->clear_append(); /* remove append since this is PRE_LABEL */ return true; diff --git a/bacula/src/version.h b/bacula/src/version.h index 00b0fa468d..ce9c0a4584 100644 --- a/bacula/src/version.h +++ b/bacula/src/version.h @@ -4,8 +4,8 @@ #undef VERSION #define VERSION "1.37.39" -#define BDATE "18 September 2005" -#define LSMDATE "18Sep05" +#define BDATE "19 September 2005" +#define LSMDATE "19Sep05" /* Debug flags */ #undef DEBUG