[8529] in bugtraq
Bootpd 2.4.3 tmp race
daemon@ATHENA.MIT.EDU (Marcelo Tosatti)
Fri Nov 13 13:30:25 1998
Date: Thu, 12 Nov 1998 06:13:03 -0200
Reply-To: Marcelo Tosatti <marcelo@CONECTIVA.COM.BR>
From: Marcelo Tosatti <marcelo@CONECTIVA.COM.BR>
To: BUGTRAQ@NETSPACE.ORG
Sorry if this is already known.
I found a tmp race in bootpd 2.4.3.
If the user do not specify a file to dump the database, bootpd will try to
dump it in /tmp/bootpd.dump.
Here goes the fix :
diff -Nur bootp-2.4.3.orig/bootpd.c bootp-2.4.3/bootpd.c
--- bootp-2.4.3.orig/bootpd.c Mon Mar 27 18:38:35 1995
+++ bootp-2.4.3/bootpd.c Thu Nov 12 05:57:39 1998
@@ -91,11 +91,9 @@
#ifndef CONFIG_FILE
#define CONFIG_FILE "/etc/bootptab"
#endif
-#qifndef DUMPTAB_FILE
-#define DUMPTAB_FILE "/tmp/bootpd.dump"
-#endif
-
+char DUMPTAB_FILE [] = "/tmp/bootpd.dump.XXXXXX";
+
/*
* Externals, forward declarations, and global variables
@@ -369,7 +367,8 @@
if (argc > 1)
bootpd_dump = argv[1];
-
+ else
+ mktemp(DUMPTAB_FILE);
/*
* Get my hostname and IP address.
*/
Marcelo Tosatti
Conectiva Internet Solutions