author | Sage Weil <sage@inktank.com> | 2013-03-22 13:25:33 -0700 |
---|---|---|
committer | Sage Weil <sage@inktank.com> | 2013-03-22 17:46:04 -0700 |
commit | 951f7e562afb4ae91b8d037ef793a96779461e96 (patch) | |
tree | c00c3a8cbf90012d1da83d3b83eee4d3ab9a703c | |
parent | dd670afccfd3ae58c03ea3b4c213dd8db22f618e (diff) | |
init-ceph: push temp conf file to a unique location on remote host
The predictable file name is a security problem.
CVE-2013-1882
Reported-by: Michael Scherer <misc@zarb.org>
Signed-off-by: Sage Weil <sage@inktank.com>
Reviewed-by: Dan Mick <dan.mick@inktank.com>
(cherry picked from commit 051734522fea92878dd8139f28ec4e6b01371ede)
-rw-r--r-- | src/init-ceph.in | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/src/init-ceph.in b/src/init-ceph.in
index f7b85b131e8..0a0cb13546b 100644
--- a/src/init-ceph.in
+++ b/src/init-ceph.in
@@ -212,11 +212,12 @@ for name in $what; do
 if [ "$host" = "$hostname" ]; then
 cur_conf=$conf
 else
+ unique=`dd if=/dev/urandom bs=16 count=1 2>/dev/null | md5sum | awk '{print $1}'`
 if echo $pushed_to | grep -v -q " $host "; then
- scp -q $conf $host:/tmp/ceph.conf.$$
+ scp -q $conf $host:/tmp/ceph.conf.$unique
 pushed_to="$pushed_to $host "
 fi
- cur_conf="/tmp/ceph.conf.$$"
+ cur_conf="/tmp/ceph.conf.$unique"
 fi
 cmd="$cmd -c $cur_conf" |
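Review bot: `unique` is recomputed on every pass of the `for name in $what` loop, but the `scp` runs only the first time a host appears in `pushed_to`, so a second daemon on the same remote host gets a `cur_conf` of `/tmp/ceph.conf.$unique` that was never copied there. Assigning `unique` once before the loop, or recording the pushed path per host alongside `pushed_to`, keeps `cur_conf` pointing at the file that was actually pushed. Separately, the random suffix only makes the name hard to guess: `scp` still creates the file in a world-writable directory, so creating it on the remote side with `mktemp` and copying to the returned path would be more robust. `$conf`, `$host` and `$pushed_to` are also expanded unquoted. The loop body starts and ends outside this hunk, so whether the pushed file is removed afterwards cannot be confirmed from here.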