Description: Don't use predictable names for temporary files
This allows an attacker on a multi-user system to set up symlinks to
overwrite any file the current user has write access to.
.
Don't recommend users of this module to use predictable names either.
Origin: backport, https://github.com/mtrmac/IPTables-Parse/commit/b400b976d81140f6971132e94eb7657b5b0a2b87
Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=1267962
Forwarded: not-needed
Author: Salvatore Bonaccorso <carnil@debian.org>
Last-Update: 2015-11-26
Applied-Upstream: 1.6
---
lib/IPTables/Parse.pm | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)
--- a/lib/IPTables/Parse.pm
+++ b/lib/IPTables/Parse.pm
@@ -17,6 +17,7 @@ package IPTables::Parse;
use 5.006;
use POSIX ":sys_wait_h";
use Carp;
+use File::Temp;
use strict;
use warnings;
use vars qw($VERSION);
@@ -29,8 +30,8 @@ sub new() {
my $self = {
_iptables => $args{'iptables'} || $args{'ip6tables'} || '/sbin/iptables',
- _iptout => $args{'iptout'} || '/tmp/ipt.out',
- _ipterr => $args{'ipterr'} || '/tmp/ipt.err',
+ _iptout => $args{'iptout'} || mktemp('/tmp/ipt.out.XXXXXX'),
+ _ipterr => $args{'ipterr'} || mktemp('/tmp/ipt.err.XXXXXX'),
_ipt_alarm => $args{'ipt_alarm'} || 30,
_debug => $args{'debug'} || 0,
_verbose => $args{'verbose'} || 0,
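Review bot: The two `mktemp(...)` defaults only generate a randomized name; nothing is created on disk, so the window between picking the name and the later open of `_iptout`/`_ipterr` (which happens outside this hunk) is still open to a symlink planted in /tmp — the name is harder to guess, but the race File::Temp's own documentation warns about for `mktemp` remains. Since `mkstemp` is already exported by the `use File::Temp;` line in the first hunk, the atomic (O_EXCL) variant needs no new import: `_iptout => $args{'iptout'} || (mkstemp('/tmp/ipt.out.XXXXXX'))[1],` and `_ipterr => $args{'ipterr'} || (mkstemp('/tmp/ipt.err.XXXXXX'))[1],` create the files up front and keep only the path, so a later `>` open truncates a file this user already owns. I would also add a one-line comment above these two entries, e.g. `# Pre-create the scratch files atomically; a name-only mktemp() would leave a symlink race.`, and, presumably, the code that later opens these paths should not unlink-and-recreate them. The enclosing `new()` starts before and ends after this hunk.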
@@ -701,8 +702,6 @@ IPTables::Parse - Perl extension for par
my %opts = (
'iptables' => $ipt_bin,
- 'iptout' => '/tmp/iptables.out',
- 'ipterr' => '/tmp/iptables.err',
'debug' => 0,
'verbose' => 0
);