[nagios/el6] Insecure temporary file usage in nagios.upgrade_to_v3.sh (#958294)
Jose Pedro Oliveira
jpo at fedoraproject.org
Thu Aug 29 02:46:37 UTC 2013
commit ddafe2c84766e80f0f8f6a38ae220d2ebf8d5ca4
Author: Jose Pedro Oliveira <jpo at di.uminho.pt>
Date: Thu Aug 29 03:14:32 2013 +0100
Insecure temporary file usage in nagios.upgrade_to_v3.sh (#958294)
nagios.spec | 5 ++++-
nagios.upgrade_to_v3.sh | 2 +-
2 files changed, 5 insertions(+), 2 deletions(-)
---
diff --git a/nagios.spec b/nagios.spec
index 8f4f340..c283877 100644
--- a/nagios.spec
+++ b/nagios.spec
@@ -1,6 +1,6 @@
Name: nagios
Version: 3.5.0
-Release: 1%{?dist}
+Release: 2%{?dist}
Summary: Host/service/network monitoring program
Group: Applications/System
@@ -280,6 +280,9 @@ fi
%changelog
+* Thu Aug 29 2013 Jose Pedro Oliveira <jpo at di.uminho.pt> - 3.5.0-2
+- Insecure temporary file usage in nagios.upgrade_to_v3.sh (#958294)
+
* Thu Apr 25 2013 Jose Pedro Oliveira <jpo at di.uminho.pt> - 3.5.0-1
- Update to 3.5.0
- Patch nagios-3.4.3-spaces-to-plus-signs.patch (#952139)
diff --git a/nagios.upgrade_to_v3.sh b/nagios.upgrade_to_v3.sh
index 26cd4c7..d233e59 100644
--- a/nagios.upgrade_to_v3.sh
+++ b/nagios.upgrade_to_v3.sh
@@ -8,7 +8,7 @@
nagios_cfg=/etc/nagios/nagios.cfg
-tmp1=/tmp/nagioscfg.$$.tmp
+tmp1=`mktemp /tmp/nagios.cfg.XXXXXXXX`
# search for and replace the check_result_buffer_slots attribute into a temporary file
cat $nagios_cfg | sed --regexp-extended "s/^(\s*check_result_buffer_slots\s*=\s*)/# Line Commented out for Nagios v3 Compatibility\n#\1/g" > $tmp1
More information about the scm-commits
mailing list