I've accepted this package into intrepid because there's no freeze justification for not doing so, but this is *not* a security fix:
[...] - if (length_of_file(MINDI_CACHE"/changed.files") > 2) { + + if (length_of_file("/tmp/changed.files") > 2) { [...]
system("rm -f /var/cache/mondo-archive/last-backup.aborted"); + system("rm -Rf /tmp.mondo.* /mondo.scratch.*"); if (!retval) {
[...]
log_if_success = TRUE; log_if_failure = TRUE; } - sprintf(callstr, "%s > %s/mondo-run-prog-thing.tmp 2> %s/mondo-run-prog-thing.err", - program, g_mondo_tmpdir, g_mondo_tmpdir); + sprintf(callstr, "%s > /tmp/mondo-run-prog-thing.tmp 2> /tmp/mondo-run-prog-thing.err", + program); while ((p = strchr(callstr, '\r'))) { *p = ' '; } [...] }
printf("---FATALERROR--- %s\n", error_string); + sprintf(command, "gzip -9c %s > /tmp/MA.log.gz 2> /dev/null", MONDO_LOGFILE); - sprintf(command, "gzip -9c %s > %s/MA.log.gz 2> /dev/null", MONDO_LOGFILE, MINDI_CACHE); system(command); printf ("If you require technical support, please contact the mailing list.\n"); [...]
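Review bot: In the `changed.files` hunk, `length_of_file("/tmp/changed.files")` now reads a fixed name in a world-writable directory, so any local user can create that file and influence the `> 2` check. Keep the path under `MINDI_CACHE`, or under a directory the program created itself with `mkdtemp()`.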
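Review bot: The added `system("rm -Rf /tmp.mondo.* /mondo.scratch.*");` uses globs rooted at `/`, not `/tmp/`; this looks like a missing slash. As written it recursively deletes matching entries in the filesystem root and cleans nothing under `/tmp`. Remove only the exact scratch directory the program created, by its recorded path, rather than a wildcard.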
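Review bot: In the `callstr` hunk, replacing `g_mondo_tmpdir` with the fixed `/tmp/mondo-run-prog-thing.tmp` and `/tmp/mondo-run-prog-thing.err` means the shell redirection writes through whatever already exists at those names. Keep the two outputs inside `g_mondo_tmpdir` (created privately), and since `program` is formatted into `callstr` with an unbounded `sprintf`, switch to `snprintf` and check for truncation.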
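Review bot: In the fatal-error hunk, `gzip -9c %s > /tmp/MA.log.gz` puts a copy of `MONDO_LOGFILE` at a predictable name in `/tmp`, where the redirect will overwrite an existing target and the result is created with default permissions. Write it to `MINDI_CACHE` as before, or to a file created exclusively in a private directory.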
Using predictable filenames under /tmp is wrong, and at least some of these changes do *exactly* the wrong thing with /tmp.
Reopening the bug.
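The alternative to fixed names under /tmp, as an added example (not part of the original comment and not mondo's code): create a private scratch directory with `mkdtemp()`, create files in it exclusively, and build the redirecting command line against that directory. The function names, the `mondo.XXXXXX` template and the `run-prog.*` file names are hypothetical.

```c
#define _XOPEN_SOURCE 700   /* mkdtemp(), O_NOFOLLOW */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Create a private scratch directory: mkdtemp() picks an unpredictable
 * name and creates it mode 0700 atomically, so no other local user can
 * pre-create it or plant entries inside it. Returns 0 on success. */
int make_scratch_dir(char *dir, size_t len)
{
    const char *base = getenv("TMPDIR");
    if (base == NULL || *base == '\0')
        base = "/tmp";
    int n = snprintf(dir, len, "%s/mondo.XXXXXX", base);   /* hypothetical name */
    if (n < 0 || (size_t)n >= len)
        return -1;
    return mkdtemp(dir) != NULL ? 0 : -1;
}

/* Create a new output file. O_EXCL fails with EEXIST if the name already
 * exists, including when it is a symlink, instead of writing through it. */
int open_new_file(const char *dir, const char *name)
{
    char path[4096];
    int n = snprintf(path, sizeof path, "%s/%s", dir, name);
    if (n < 0 || (size_t)n >= sizeof path)
        return -1;
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

/* Build the redirecting command line with both outputs inside the private
 * directory; returns -1 rather than truncating the command. */
int build_callstr(char *out, size_t len, const char *program, const char *dir)
{
    int n = snprintf(out, len, "%s > %s/run-prog.tmp 2> %s/run-prog.err",
                     program, dir, dir);
    return (n < 0 || (size_t)n >= len) ? -1 : 0;
}
```

The directory should be removed by its recorded path when the run ends, not by a wildcard.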