Re: security fix for local/fixproc (Bug 1203376)

Posted by Wes Hardaker, 05-23-2005

>>>>> On Mon, 23 May 2005 13:15:27 -0400, Alex Burger <alex_b@users.sourceforge.net> said:

Alex> How about using Perl's mkstemp() instead? It is part of File::Temp.

Alex> http://perldoc.perl.org/File/Temp.html

Proposal:

Objections?

Index: fixproc
================================================== =================
RCS file: /cvsroot/net-snmp/net-snmp/local/fixproc,v
retrieving revision 5.0
diff -u -r5.0 fixproc
--- fixproc 20 Apr 2002 07:30:13 -0000 5.0
+++ fixproc 23 May 2005 19:56:17 -0000
@@ -129,6 +129,8 @@
#
# Timothy Kong 3/1995

+use File::Temp qw(tempfile);
+
$database_file = '/local/etc/fixproc.conf';

$debug = 0; # specify debug level using -dN
@@ -191,20 +193,19 @@
sub create_sh_script
{
local ($file) = pop (@_);
+ local ($fh) = pop (@_);
local ($i) = pop (@_);

- printf (stderr "create_sh_script\n") if ($debug > 0);
+ printf (STDERR "create_sh_script\n") if ($debug > 0);

$! = $fixproc_error;
- open (file, ">"."$file") || die "$0: cannot open $file\n";
while ( $shell_lines[$i] ne $shell_end_marker )
{
- printf (file "%s", $shell_lines[$i]);
+ printf ($fh "%s", $shell_lines[$i]);
$i++;
}
- close (file);
- system "chmod +x $file";
- return file;
+ close ($fh);
+ chmod 0755, $file;
}


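Review bot: `chmod 0755, $file` at the end of create_sh_script widens the 0600 mode that tempfile() creates to world-readable and world-executable inside /tmp; only the owner runs the script, so 0700 is enough. The results of `close ($fh)` and `chmod` are also unchecked, so a failed write (a full /tmp, for example) would leave a truncated script that the caller still executes; suggest `close ($fh) || die "$0: cannot write $file\n";` and checking chmod's return value the same way.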
@@ -212,7 +213,7 @@
{
local ($proc) = pop(@_);

- printf (stderr "do_fix\n") if ($debug > 0);
+ printf (STDERR "do_fix\n") if ($debug > 0);

if ($fix{$proc} eq '')
{
@@ -230,14 +231,13 @@
else
{
# it must be "shell", so execute the shell script defined in database
+ local ($tmpfh, $tmpfile) = tempfile("fix_XXXXXXXX", DIR => "/tmp");

- local ($tmpfile) = "/tmp/fix_$$";
-
- &create_sh_script ($fix{$proc}, $tmpfile);
+ &create_sh_script ($fix{$proc}, $tmpfh, $tmpfile);

# return code is number divided by 256
$error_code = (system "$tmpfile") / 256;
- system "rm $tmpfile";
+ unlink($tmpfile);
return ($fix_failed_error) if ($error_code != 0);
# sleep needed here?
return &do_exist ($proc);
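Review bot: the result of `unlink($tmpfile)` in do_fix is not checked, and if the script dies anywhere between tempfile() and the unlink the file stays behind in /tmp. Passing `UNLINK => 1` to tempfile() would have File::Temp remove it at program exit as a backstop. `local ($tmpfh, $tmpfile)` also makes both names dynamically scoped globals; `my` is the better fit for a handle that is handed to create_sh_script and closed there.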
@@ -249,7 +249,7 @@
{
local ($proc) = pop(@_);

- printf (stderr "do_check\n") if ($debug > 0);
+ printf (STDERR "do_check\n") if ($debug > 0);

if ($check{$proc} eq '')
{
@@ -262,13 +262,13 @@
# if not "exist", then it must be "shell", so execute the shell script
# defined in database

- local ($tmpfile) = "/tmp/check_$$";
+ local ($tmpfh, $tmpfile) = tempfile("check_XXXXXXXX", DIR => "/tmp");

- &create_sh_script ($check{$proc}, $tmpfile);
+ &create_sh_script ($fix{$proc}, $tmpfh, $tmpfile);

# return code is number divided by 256
$error_code = (system "$tmpfile") / 256;
- system "rm $tmpfile";
+ unlink($tmpfile);
return ($check_failed_error) if ($error_code != 0);

# check passed, continue
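Review bot: the new call in do_check passes `$fix{$proc}` where the removed line passed `$check{$proc}`, so the check step would write out and run the fix script instead of the check script. This looks like a copy-paste from the do_fix hunk; the line should read `&create_sh_script ($check{$proc}, $tmpfh, $tmpfile);`.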
@@ -281,13 +281,13 @@
{
local ($proc) = pop(@_);

- printf (stderr "do_exist\n") if ($debug > 0);
+ printf (STDERR "do_exist\n") if ($debug > 0);

# do ps, check to see if min <= no. of processes <= max
$! = $fixproc_error;
- open (command, "/bin/ps -e | /bin/grep $proc | /bin/wc -l |")
+ open (COMMAND, "/bin/ps -e | /bin/grep $proc | /bin/wc -l |")
|| die "$0: can't run ps-grep-wc command\n";
- $proc_count = <command>;
+ $proc_count = <COMMAND>;
if (($proc_count < $min{$proc}) || ($proc_count > $max{$proc}))
{
return $check_failed_error;
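Review bot: while the handle is being renamed in do_exist, `$proc` is still interpolated unquoted into the string passed to `open (COMMAND, "/bin/ps -e | /bin/grep $proc | /bin/wc -l |")`, so the shell parses whatever the process name contains. Since this is a security fix, consider running `/bin/ps -e` through a list-form pipe open and doing the match and count in Perl, or at least validating `$proc` against a strict pattern before it reaches the command line. The visible `return $check_failed_error;` also leaves COMMAND open.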
@@ -301,13 +301,13 @@
local ($proc) = pop(@_);
local ($second_kill_needed);

- printf (stderr "do_kill\n") if ($debug > 0);
+ printf (STDERR "do_kill\n") if ($debug > 0);

# first try kill
$! = $fixproc_error;
- open (command, "/bin/ps -e | /bin/grep $proc |")
+ open (COMMAND, "/bin/ps -e | /bin/grep $proc |")
|| die "$0: can't run ps-grep-awk command\n";
- while (<command>)
+ while (<COMMAND>)
{
# match the first field of ps -e
$! = $fixproc_error;
@@ -318,10 +318,10 @@
# if process still exist, try kill -9
sleep 2;
$! = $fixproc_error;
- open (command, "/bin/ps -e | /bin/grep $proc |")
+ open (COMMAND, "/bin/ps -e | /bin/grep $proc |")
|| die "$0: can't run ps-grep-awk command\n";
$second_kill_needed = 0;
- while (<command>)
+ while (<COMMAND>)
{
# match the first field of ps -e
$! = $fixproc_error;
@@ -334,9 +334,9 @@
# see if kill -9 worked
sleep 2;
$! = $fixproc_error;
- open (command, "/bin/ps -e | /bin/grep $proc |")
+ open (COMMAND, "/bin/ps -e | /bin/grep $proc |")
|| die "$0: can't run ps-grep-awk command\n";
- while (<command>)
+ while (<COMMAND>)
{ # a process still exist, return error
return $cannot_kill_error;
}
@@ -349,7 +349,7 @@
local ($proc) = pop(@_);
local ($error_code);

- printf (stderr "do_restart\n") if ($debug > 0);
+ printf (STDERR "do_restart\n") if ($debug > 0);

$error_code = &do_kill ($proc);
return $error_code if ($error_code != $no_error);
@@ -369,7 +369,7 @@
local ($proc) = pop(@_);
local ($error_code);

- printf (stderr "work_on_proc\n") if ($debug > 0);
+ printf (STDERR "work_on_proc\n") if ($debug > 0);

if ($cmd_line_action eq '')
{
@@ -475,8 +475,8 @@
local ($str2);

$! = $fixproc_error;
- open (db, $database_file) || die 'cannot open database file $database_file\n';
- while (<db>)
+ open (DB, $database_file) || die 'cannot open database file $database_file\n';
+ while (<DB>)
{
if ((! /\S/) || (/^[ \t]*#.*$/))
{
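Review bot: the changed line `open (DB, $database_file) || die 'cannot open database file $database_file\n';` keeps its single quotes, so neither `$database_file` nor `\n` is interpolated and the error prints the literal variable name. Switch the message to double quotes while this line is being touched.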


--
Wes Hardaker
Sparta, Inc.

