- Fix handling of temp file in mtx_changer.in, reported as

author Kern Sibbald <kern@sibbald.com>

Mon, 19 Sep 2005 17:07:08 +0000 (17:07 +0000)

committer Kern Sibbald <kern@sibbald.com>

Mon, 19 Sep 2005 17:07:08 +0000 (17:07 +0000)
author Kern Sibbald <kern@sibbald.com>
Mon, 19 Sep 2005 17:07:08 +0000 (17:07 +0000)
committer Kern Sibbald <kern@sibbald.com>
Mon, 19 Sep 2005 17:07:08 +0000 (17:07 +0000)
diff --git a/bacula/autoconf/randpass b/bacula/autoconf/randpass

index b233e24efcea7a9a049a7722ba27a030c28b8aa4..af30bfb929bbf4e455085ea84247821fbf8223d7 100755 (executable)
--- a/bacula/autoconf/randpass
+++ b/bacula/autoconf/randpass
@@ -8,7 +8,14 @@ if test "x$1" = "x" ; then
  else
     PWL=$1
  fi 
-tmp=/tmp/p.tmp.$$    
+tmp=`mktemp randpass.XXXXXXXXXX`
+if test x$tmp = x; then
+   tmp=/tmp/p.tmp.$$    
+   if test -f $tmp; then
+      echo "Temp file security problem on: $tmp"
+      exit 1
+   fi
+fi
  cp autoconf/randpass.bc $tmp
  ps | sum | tr -d ':[:alpha:] ' | sed 's/^/k=/' >>$tmp
  date | tr -d ':[:alpha:] ' | sed 's/^/k=k*/' >>$tmp
diff --git a/bacula/kes-1.37 b/bacula/kes-1.37

index 72014d6f539e9a163e3a96a8c0fdbab98842023a..1deda0081c2e9b988296113095b370cb5ae9ec9c 100644 (file)
--- a/bacula/kes-1.37
+++ b/bacula/kes-1.37
@@ -4,6 +4,12 @@
  General:
  
  Changes to 1.37.39:
+19Sep05
+- Fix handling of temp file in mtx_changer.in, reported as
+  a security bug, but it is not really.  Bug #422
+- Fix security problem of handling temp file in randpass.
+  Bug #422.
+- During label/relabel, add new_volume to VOLRES list in SD.
  18Sep05
  - Apply Landon's patch for the TLS ANS1 API change.
  - Remove old code.
diff --git a/bacula/scripts/mtx-changer.in b/bacula/scripts/mtx-changer.in

index ae27f522916efa3e64d11f890865a3b286d94c8e..49bdd1587af88eb37b253b5b57ff23ed69901f38 100644 (file)
--- a/bacula/scripts/mtx-changer.in
+++ b/bacula/scripts/mtx-changer.in
@@ -35,8 +35,14 @@
  #
  
  MTX=@MTX@
-# Set this to a directory that only the SD can read/write
-TMPDIR=@working_dir@
+TMPFILE=`mktemp mtx.XXXXXXXXXX`
+if test x${TMPFILE} = x; then
+   TMPFILE="@working_dir@/mtx.$$"
+   if test -f ${TMPFILE}; then
+      echo "Temp file security problem on: ${TMPFILE}"
+      exit 1
+   fi
+fi
  
  #
  # The purpose of this function to wait a maximum 
@@ -74,6 +80,7 @@ slot=$3
  device=$4
  drive=$5
  
+
  #
  # Check for special cases where only 2 arguments are needed, 
  #  all others are a minimum of 3
@@ -115,11 +122,11 @@ case $cmd in
  
     list) 
  #     echo "Doing mtx -f $ctl -- to list volumes"
-      ${MTX} -f $ctl status >${TMPDIR}/mtx.$$
+      ${MTX} -f $ctl status >${TMPFILE}
        rtn=$?
-      cat ${TMPDIR}/mtx.$$ | grep " *Storage Element [0-9]*:.*Full" | awk "{print \$3 \$4}" | sed "s/Full *\(:VolumeTag=\)*//"
-      cat ${TMPDIR}/mtx.$$ | grep "^Data Transfer Element [0-9]*:Full (Storage Element [0-9]" | awk '{printf "%s:%s\n",$7,$10}'
-      rm -f ${TMPDIR}/mtx.$$ 2>&1 >/dev/null
+      cat ${TMPFILE} | grep " *Storage Element [0-9]*:.*Full" | awk "{print \$3 \$4}" | sed "s/Full *\(:VolumeTag=\)*//"
+      cat ${TMPFILE} | grep "^Data Transfer Element [0-9]*:Full (Storage Element [0-9]" | awk '{printf "%s:%s\n",$7,$10}'
+      rm -f ${TMPFILE} 2>&1 >/dev/null
  #
  # If you have a VXA PacketLoader and the above does not work, try
  #  turning it off and enabling the following line.
@@ -129,11 +136,11 @@ case $cmd in
  
     loaded)
  #     echo "Doing mtx -f $ctl $drive -- to find what is loaded"
-      ${MTX} -f $ctl status >${TMPDIR}/mtx.$$
+      ${MTX} -f $ctl status >${TMPFILE}
        rtn=$?
-      cat ${TMPDIR}/mtx.$$ | grep "^Data Transfer Element $drive:Full" | awk "{print \$7}"
-      cat ${TMPDIR}/mtx.$$ | grep "^Data Transfer Element $drive:Empty" | awk "{print 0}"
-      rm -f ${TMPDIR}/mtx.$$ 2>&1 >/dev/null
+      cat ${TMPFILE} | grep "^Data Transfer Element $drive:Full" | awk "{print \$7}"
+      cat ${TMPFILE} | grep "^Data Transfer Element $drive:Empty" | awk "{print 0}"
+      rm -f ${TMPFILE} 2>&1 >/dev/null
        exit $rtn
        ;;
  
diff --git a/bacula/src/stored/label.c b/bacula/src/stored/label.c

index 2ca577c680e3554aff7eac94e3093c7396e58463..993a8c53d6f514761161a4c5ed5a9af57cf50a2a 100644 (file)
--- a/bacula/src/stored/label.c
+++ b/bacula/src/stored/label.c
@@ -353,6 +353,7 @@ bool write_new_volume_label_to_dev(DCR *dcr, const char *VolName, const char *Po
     if (debug_level >= 20)  {
        dump_volume_label(dev);
     }
+   new_volume(dcr, VolName);
     dev->clear_append();               /* remove append since this is PRE_LABEL */
     return true;
  
diff --git a/bacula/src/version.h b/bacula/src/version.h

index 00b0fa468d8167e1ff22173d7131ad76bd3869b4..ce9c0a45844b175bfe4fb2c9c8d35fcdd83e7989 100644 (file)
--- a/bacula/src/version.h
+++ b/bacula/src/version.h
@@ -4,8 +4,8 @@
  
  #undef  VERSION
  #define VERSION "1.37.39"
-#define BDATE   "18 September 2005"
-#define LSMDATE "18Sep05"
+#define BDATE   "19 September 2005"
+#define LSMDATE "19Sep05"
  
  /* Debug flags */
  #undef  DEBUG
author	Kern Sibbald <kern@sibbald.com>
	Mon, 19 Sep 2005 17:07:08 +0000 (17:07 +0000)
committer	Kern Sibbald <kern@sibbald.com>
	Mon, 19 Sep 2005 17:07:08 +0000 (17:07 +0000)
bacula/autoconf/randpass		patch \| blob \| history
bacula/kes-1.37		patch \| blob \| history
bacula/scripts/mtx-changer.in		patch \| blob \| history
bacula/src/stored/label.c		patch \| blob \| history
bacula/src/version.h		patch \| blob \| history