Browse code
Remove references to hardcoded file writing in /tmp
/tmp is a world writeable directory, so using hardcoded filenames
in there is just a bad coding style (susceptible to symlink attacks).
Avoid using it to not give a bad precedent.
Change-Id: Ia66763a0e4714f2226e98dbd85600b2035bd5088
Dirk Mueller authored on 2018/03/03 05:13:12Showing 2 changed files
| ... | ... |
@@ -810,13 +810,11 @@ function get_random_port {
|
| 810 | 810 |
# |
| 811 | 811 |
# Write out various useful state information to /etc/devstack-version |
| 812 | 812 |
function write_devstack_version {
|
| 813 |
- cat - > /tmp/devstack-version <<EOF |
|
| 813 |
+ cat - <<EOF | sudo tee /etc/devstack-version >/dev/null |
|
| 814 | 814 |
DevStack Version: ${DEVSTACK_SERIES}
|
| 815 | 815 |
Change: $(git log --format="%H %s %ci" -1) |
| 816 | 816 |
OS Version: ${os_VENDOR} ${os_RELEASE} ${os_CODENAME}
|
| 817 | 817 |
EOF |
| 818 |
- sudo install -m 644 /tmp/devstack-version /etc/devstack-version |
|
| 819 |
- rm /tmp/devstack-version |
|
| 820 | 818 |
} |
| 821 | 819 |
|
| 822 | 820 |
# Restore xtrace |
| ... | ... |
@@ -962,17 +962,15 @@ fi |
| 962 | 962 |
if [[ $SYSLOG != "False" ]]; then |
| 963 | 963 |
if [[ "$SYSLOG_HOST" = "$HOST_IP" ]]; then |
| 964 | 964 |
# Configure the master host to receive |
| 965 |
- cat <<EOF >/tmp/90-stack-m.conf |
|
| 965 |
+ cat <<EOF | sudo tee /etc/rsyslog.d/90-stack-m.conf >/dev/null |
|
| 966 | 966 |
\$ModLoad imrelp |
| 967 | 967 |
\$InputRELPServerRun $SYSLOG_PORT |
| 968 | 968 |
EOF |
| 969 |
- sudo mv /tmp/90-stack-m.conf /etc/rsyslog.d |
|
| 970 | 969 |
else |
| 971 | 970 |
# Set rsyslog to send to remote host |
| 972 |
- cat <<EOF >/tmp/90-stack-s.conf |
|
| 971 |
+ cat <<EOF | sudo tee /etc/rsyslog.d/90-stack-s.conf >/dev/null |
|
| 973 | 972 |
*.* :omrelp:$SYSLOG_HOST:$SYSLOG_PORT |
| 974 | 973 |
EOF |
| 975 |
- sudo mv /tmp/90-stack-s.conf /etc/rsyslog.d |
|
| 976 | 974 |
fi |
| 977 | 975 |
|
| 978 | 976 |
RSYSLOGCONF="/etc/rsyslog.conf" |