Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Evergreen:11.1
open-iscsi
open-iscsi-do-not-use-temp-file-in-iscsi_discovery
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File open-iscsi-do-not-use-temp-file-in-iscsi_discovery of Package open-iscsi
From 3aa33913384d5dd99ac274f96e49115b56ba36ac Mon Sep 17 00:00:00 2001 From: Hannes Reinecke <hare@suse.de> Date: Wed, 19 Aug 2009 12:36:26 +0200 Subject: [PATCH] Do not use temp file in iscsi_discovery The iscsi_discovery shell script, typically run as root, contains the following code: df=/tmp/discovered.$$ dbg "starting discovery to $ip" iscsiadm -m discovery --type sendtargets --portal ${ip}:${port} > ${df} This is a standard security vulnerability and should be replaced by use of mktemp or shell variables. References: bnc#528711 Signed-off-by: Hannes Reinecke <hare@suse.de> --- utils/iscsi_discovery | 10 ++++------ 1 files changed, 4 insertions(+), 6 deletions(-) diff --git a/utils/iscsi_discovery b/utils/iscsi_discovery index 3c6edf3..4fb3a66 100755 --- a/utils/iscsi_discovery +++ b/utils/iscsi_discovery @@ -104,24 +104,22 @@ discover() connected=0 discovered=0 - df=/tmp/discovered.$$ dbg "starting discovery to $ip" - iscsiadm -m discovery --type sendtargets --portal ${ip}:${port} > ${df} - while read portal target + disc="$(iscsiadm -m discovery --type sendtargets --portal ${ip}:${port})" + echo "${disc}" | while read portal target do portal=${portal%,*} select_transport - done < ${df} + done - discovered=$(cat ${df} | wc -l) + discovered=$(echo "${disc}" | wc -l) if [ ${discovered} = 0 ]; then echo "failed to discover targets at ${ip}" exit 2 else echo "discovered ${discovered} targets at ${ip}" fi - /bin/rm -f ${df} } try_login() -- 1.6.0.2
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor