1
BugClosed: http://bugs.debian.org/508942
2
Description: This patch fixes tmpfile issues reported in CVE-2008-5378
8
tmp=`mktemp -t arb_fdnaml_XXXXXXXXXX`
9
+pidfile=`mktemp -p /tmp foo_${USER}_${PPID}_XXXXXX`
13
-/bin/echo "$sig $$ \c" >>/tmp/arb_pids_${USER}_${ARB_PID}
14
+/bin/echo "$sig $$ \c" >>"$pidfile"
16
# echo $tmp not deleted for debugging purposes
21
pidfiles=/tmp/arb_pids_${USER}_${ARB_PID}
24
-if [ "\"X$pidfiles\"" != "X" ]; then
25
+# Make sure files to remove are no symbolic links
26
+if [ "\"X$pidfiles\"" != "X" -a -f "$pidfiles" ]; then
27
kill -9 `cat $pidfiles` >/dev/null 2>&1
31
-rm -f /tmp/arb_*_${USER}_${ARB_PID}*
32
+for pidfile in /tmp/arb_*_${USER}_${ARB_PID}* ; do
33
+ if [ -f "$pidfile" ] ; then
39
@@ -21,7 +21,9 @@ echo " There may be more than one datab
40
echo " --------------------------------"
42
for i in $chooser ; do
43
- /bin/echo " - >" `ls $i` "<";
44
+ if [ ! -L "$i" ] ; then
45
+ /bin/echo " - >" `ls $i` "<";
48
echo " --------------------------------"
50
@@ -29,19 +31,21 @@ seperator
51
echo "Please choose one line and enter the rightmost number"
54
-if [ ! -f /tmp/arb_pids_${USER}_${ARB_PID} ]; then
55
- err "Incorrect Choice"
57
+for arbpid in /tmp/arb_pids_${USER}_${ARB_PID}* ; do
58
+ if [ ! -f "$arbpid" ]; then
59
+ err "Incorrect Choice"
64
echo "Please enter full path (to save DB):"
67
-panicfile="/tmp/arb_panic_${USER}_${ARB_PID}"
68
+panicfile=`mktemp -p /tmp arb_panic_${USER}_${ARB_PID}_XXXXXX`
70
echo "$FILE" >$panicfile
72
-for i in `cat /tmp/arb_pids_${USER}_${ARB_PID}`; do
73
+for i in `cat /tmp/arb_pids_${USER}_${ARB_PID}*`; do
74
echo "[Sending SIGHUP to pid $i]"
75
if kill -HUP $i 2>/dev/null; then