File 0001-make-secure-tmp-files.patch of Package resource-agents.26252
From 1191d685b3ac1008af3f45fd8099759efb4de37a Mon Sep 17 00:00:00 2001
From: Peter Varkoly <varkoly@suse.com>
Date: Tue, 24 Mar 2020 18:37:15 +0100
Subject: [PATCH 1/2] Predictable tmp file in sapdb-nosha.sh The name is easily predicted. Use /var/run instead of /tmp make it secure.
---
 heartbeat/sapdb-nosha.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/heartbeat/sapdb-nosha.sh b/heartbeat/sapdb-nosha.sh
index 06aa65c4b..cee1f7f99 100644
--- a/heartbeat/sapdb-nosha.sh
+++ b/heartbeat/sapdb-nosha.sh
@@ -740,5 +740,5 @@ sidadm="`echo $SID | tr '[:upper:]' '[:lower:]'`adm" } # Set a tempfile and make sure to clean it up again
-TEMPFILE="/tmp/SAPDatabase.$$.tmp"
-trap trap_handler INT TERM
\ No newline at end of file
+TEMPFILE="/var/run/SAPDatabase.$$.tmp"
+trap trap_handler INT TERM
From c6eb0d5de943a3047c4eec211a366372ad9d8c86 Mon Sep 17 00:00:00 2001
From: Peter Varkoly <varkoly@suse.com>
Date: Wed, 25 Mar 2020 11:16:07 +0100
Subject: [PATCH 2/2] Fix predictable tmp file using in some agents.
---
 heartbeat/ClusterMon | 4 ++--
 heartbeat/openstack-cinder-volume | 2 +-
 heartbeat/sapdb-nosha.sh | 2 +-
 rgmanager/src/resources/oradg.sh.in | 10 +++++-----
 tools/ocft/caselib.in | 10 +++++-----
 5 files changed, 14 insertions(+), 14 deletions(-)
diff --git a/heartbeat/ClusterMon b/heartbeat/ClusterMon
index 1d45ff47e..2bbf87da4 100755
--- a/heartbeat/ClusterMon
+++ b/heartbeat/ClusterMon
@@ -45,8 +45,8 @@ OCF_RESKEY_user_default="root" OCF_RESKEY_update_default="15000" OCF_RESKEY_extra_options_default=""
-OCF_RESKEY_pidfile_default="/tmp/ClusterMon_${OCF_RESOURCE_INSTANCE}.pid"
-OCF_RESKEY_htmlfile_default="/tmp/ClusterMon_${OCF_RESOURCE_INSTANCE}.html"
+OCF_RESKEY_pidfile_default="${HA_RSCTMP}/ClusterMon_${OCF_RESOURCE_INSTANCE}.pid"
+OCF_RESKEY_htmlfile_default="${HA_RSCTMP}/ClusterMon_${OCF_RESOURCE_INSTANCE}.html"
 : ${OCF_RESKEY_user=${OCF_RESKEY_user_default}} : ${OCF_RESKEY_update=${OCF_RESKEY_update_default}}
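Review bot: The new `TEMPFILE` in the sapdb-nosha.sh hunk still ends in `$$`, so the name is as predictable as before and the protection comes only from `/var/run` not being writable by unprivileged users. That holds only if everything that writes `$TEMPFILE` runs as root, which is not visible in this hunk. Creating the file with `mktemp` removes the dependence on the PID, for example `TEMPFILE="$(mktemp /var/run/SAPDatabase.XXXXXX)" || exit $OCF_ERR_GENERIC`. Patch 2/2 later moves the path to `${HA_RSCTMP}` but keeps the `$$` suffix, so the same applies there. The trap on the following line covers only INT and TERM, so removal on a normal exit depends on code outside the hunk.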
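Review bot: Both ClusterMon defaults now depend on `HA_RSCTMP` being non-empty when these assignments run; if it is unset they silently become `/ClusterMon_<instance>.pid` and `/ClusterMon_<instance>.html` in the root directory. Where the variable is set is outside the hunk, so a guard just above the defaults would make the failure explicit: `: "${HA_RSCTMP:?HA_RSCTMP is not set}"`. The same applies to the other hunks of this series that build paths from `${HA_RSCTMP}` (openstack-cinder-volume, sapdb-nosha.sh, oradg.sh.in, caselib.in, drbd.linbit); the rgmanager and ocft files deserve a particular check, since nothing in their hunks shows where they would get the variable from. The `htmlfile` default also moves the generated page out of `/tmp`, so anything that read the old default path has to follow it.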
diff --git a/heartbeat/openstack-cinder-volume b/heartbeat/openstack-cinder-volume
index f47570b8b..d8e12c92f 100755
--- a/heartbeat/openstack-cinder-volume
+++ b/heartbeat/openstack-cinder-volume
@@ -35,7 +35,7 @@ # Defaults OCF_RESKEY_openstackcli_default="/usr/bin/openstack"
-OCF_RESKEY_node_id_cache_file_default="/tmp/node_id"
+OCF_RESKEY_node_id_cache_file_default="${HA_RSCTMP}/node_id"
 OCF_RESKEY_volume_local_check_default="true" export attached_server_id=""
diff --git a/heartbeat/sapdb-nosha.sh b/heartbeat/sapdb-nosha.sh
index cee1f7f99..31b52e7fe 100644
--- a/heartbeat/sapdb-nosha.sh
+++ b/heartbeat/sapdb-nosha.sh
@@ -740,5 +740,5 @@ sidadm="`echo $SID | tr '[:upper:]' '[:lower:]'`adm" } # Set a tempfile and make sure to clean it up again
-TEMPFILE="/var/run/SAPDatabase.$$.tmp"
+TEMPFILE="${HA_RSCTMP}/SAPDatabase.$$.tmp"
 trap trap_handler INT TERM
diff --git a/rgmanager/src/resources/oradg.sh.in b/rgmanager/src/resources/oradg.sh.in
index 4674fe1b2..955f93e18 100644
--- a/rgmanager/src/resources/oradg.sh.in
+++ b/rgmanager/src/resources/oradg.sh.in
@@ -122,7 +122,7 @@ end; select database_role, open_mode from v\$database; set heading off; set serveroutput off;
-spool /tmp/dgstatus.${ORACLE_SID};
+spool ${HA_RSCTMP}/dgstatus.${ORACLE_SID};
 select open_mode from v\$database; spool off; EOF
@@ -463,9 +463,9 @@ start_oracle() { fi done
- if [ -n "$ORACLE_HOSTNAME" -a -s /tmp/dgstatus.${ORACLE_SID} ]; then
+ if [ -n "$ORACLE_HOSTNAME" -a -s ${HA_RSCTMP}/dgstatus.${ORACLE_SID} ]; then
 # Start DB Console if vhost defined and database_role is READ WRITE
- if cat /tmp/dgstatus.${ORACLE_SID} 2>/dev/null | grep "READ WRITE"; then
+ if cat ${HA_RSCTMP}/dgstatus.${ORACLE_SID} 2>/dev/null | grep "READ WRITE"; then
 ocf_log info "Starting Oracle EM DB Console for $ORACLE_SID" emctl start dbconsole if [ $? -ne 0 ]; then
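Review bot: In the `@@ -463` hunk of oradg.sh.in the new path is expanded unquoted inside `[ ... -a -s ... ]` and again in the `cat`, so word splitting or globbing in `HA_RSCTMP` or `ORACLE_SID` changes the arguments those commands receive, and `-a` inside `[ ]` is ambiguous to parse. Quoting and splitting the test avoids both: `if [ -n "$ORACLE_HOSTNAME" ] && [ -s "${HA_RSCTMP}/dgstatus.${ORACLE_SID}" ]; then`. The same quoting is worth applying to the `cat` argument here and to the `rm -f` in the `@@ -478` hunk. start_oracle begins and ends outside the hunk.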
@@ -478,7 +478,7 @@ start_oracle() { ocf_log info "Oracle EM DB Console startup for $ORACLE_SID succeeded" fi fi
- rm -f /tmp/dgstatus.${ORACLE_SID}
+ rm -f ${HA_RSCTMP}/dgstatus.${ORACLE_SID}
 fi if [ -n "$LOCKFILE" ]; then
@@ -619,7 +619,7 @@ status_oracle() { # Data Guard Modification 1 - Debug Logging case $1 in stop | start | status | restart | recover | monitor )
-[ $(id -u) = 0 ] && exec > "/tmp/oradg_${ORACLE_SID}_$1.log" 2>&1
+[ $(id -u) = 0 ] && exec > "${HA_RSCTMP}/oradg_${ORACLE_SID}_$1.log" 2>&1
 set -x date echo $@
diff --git a/tools/ocft/caselib.in b/tools/ocft/caselib.in
index 1857e6381..33ffa72dd 100644
--- a/tools/ocft/caselib.in
+++ b/tools/ocft/caselib.in
@@ -93,7 +93,7 @@ agent_run() aroot=${__OCFT__MYROOT:-$__OCFT__AGENT_ROOT}
- setsid $aroot/$agent $cmd >/tmp/.ocft_runlog 2>&1 &
+ setsid $aroot/$agent $cmd >${HA_RSCTMP}/.ocft_runlog 2>&1 &
 pid=$! i=0
@@ -111,7 +111,7 @@ agent_run() kill -SIGKILL -$pid >/dev/null 2>&1 echo -n "${__OCFT__showhost}ERROR: The agent was hanging, killed it, " echo "maybe you damaged the agent or system's environment, see details below:"
- cat /tmp/.ocft_runlog
+ cat ${HA_RSCTMP}/.ocft_runlog
 echo quit 1 fi
@@ -174,7 +174,7 @@ backbash_start() fi ssh root@$host '@BASH_SHELL@ 2>&1
- sed "s/00/001/g" /tmp/.backbash-log
+ sed "s/00/001/g" ${HA_RSCTMP}/.backbash-log
 echo 000 echo 1' >$__OCFT__CASES_DIR/${host}_r <$__OCFT__CASES_DIR/${host}_w &
@@ -203,8 +203,8 @@ EOF cat >&$wfd cat >&$wfd <<EOF
-} >&/tmp/.backbash-log
-sed 's/00/001/g' /tmp/.backbash-log
+} >&${HA_RSCTMP}/.backbash-log
+sed 's/00/001/g' ${HA_RSCTMP}/.backbash-log
 echo 000 echo 0 EOF
From 82d29f5d226712b84aea9b73515a8bd5ebcca674 Mon Sep 17 00:00:00 2001
From: Nick Wang <nwang@suse.com>
Date: Thu, 19 Mar 2020 14:50:42 +0800
Subject: [PATCH 1/2] Correct the output varible of oradg.sh.in
---
 rgmanager/src/resources/oradg.sh.in | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
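Review bot: The log opened in the `@@ -619` hunk of oradg.sh.in receives the full `set -x` trace of the agent running as root, and its mode is whatever the current umask gives. Moving it out of `/tmp` stops other users from pre-creating the name, but it keeps the content private only if `${HA_RSCTMP}` itself is not readable by other users, which this hunk does not show. If the trace can include credentials or connection strings, the file should be created with restrictive permissions before the `exec` redirect (for instance by creating it under `umask 077` in a subshell first), and the block would be better gated on an explicit debug setting than on every root invocation. The surrounding `case` continues outside the hunk.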
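Review bot: In the `@@ -174` hunk of caselib.in, `${HA_RSCTMP}` sits inside the single-quoted `ssh root@$host '...'` argument and is therefore expanded by the remote shell, while the `} >&${HA_RSCTMP}/.backbash-log` lines in the `@@ -203` hunk are in an unquoted `<<EOF` here-document and are expanded locally before being sent. If the remote root session does not define `HA_RSCTMP` (nothing in the hunk sets it), the `sed` reads `/.backbash-log` while the log was written under the locally expanded directory. Expanding on one side only removes the mismatch, for example by closing the quote around the variable: `sed "s/00/001/g" '"${HA_RSCTMP}"'/.backbash-log`. backbash_start continues outside the hunk.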
diff --git a/rgmanager/src/resources/oradg.sh.in b/rgmanager/src/resources/oradg.sh.in
index 955f93e18..b55233b96 100644
--- a/rgmanager/src/resources/oradg.sh.in
+++ b/rgmanager/src/resources/oradg.sh.in
@@ -195,7 +195,7 @@ stop_db() { fi # If we see 'ORA-' or 'failure' in stdout, we're done.
- if [[ "$startup_stdout" =~ "ORA-" ]] || [[ "$startup_stdout" =~ "failure" ]]; then
+ if [[ "$stop_stdout" =~ "ORA-" ]] || [[ "$stop_stdout" =~ "failure" ]]; then
 ocf_log error "Stopping Oracle DB $ORACLE_SID failed, errors in stdout" return 1 fi
From afb4269626379ade82bd0c155f7a11cd3f0d37b1 Mon Sep 17 00:00:00 2001
From: Nick Wang <nwang@suse.com>
Date: Wed, 18 Mar 2020 22:26:56 +0800
Subject: [PATCH 2/2] ocft drbd.linbit: Make secure tmp file (#1467)
---
 tools/ocft/drbd.linbit | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools/ocft/drbd.linbit b/tools/ocft/drbd.linbit
index 4cc5519b4..57fa088e9 100644
--- a/tools/ocft/drbd.linbit
+++ b/tools/ocft/drbd.linbit
@@ -7,7 +7,7 @@ CONFIG HangTimeout 20 VARIABLE
- DRBDCONF=/tmp/ocft_drbd_tmp.conf
+ DRBDCONF=${HA_RSCTMP}/ocft_drbd_tmp.conf
 # should be this machine's hostname/ip, please modify it by yourself. NAME_1=HOSTNAME1