pool/fail2ban
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
468576c430
fail2ban/fix-tmp-usage.diff
Stephan Kulow f2a704eb1b - Use /var/run/fail2ban instead of /tmp for temp files in 
actions: see bugs.debian.org/544232, bnc#690853,
  CVE-2009-5023

OBS-URL: https://build.opensuse.org/package/show/security/fail2ban?expand=0&rev=11
2011-09-01 14:09:21 +00:00

61 lines
2.4 KiB
Diff
Raw Blame History

From: yarikoptic <yarikoptic@a942ae1a-1317-0410-a47c-b1dcaea8d605>
Date: Wed, 23 Mar 2011 20:35:56 +0000 (+0000)
Subject: BF: Use /var/run/fail2ban instead of /tmp for temp files in actions: see http://bugs...
X-Git-Tag: upstream/0.8.4+svn20110323^2~8
X-Git-Url: http://git.onerussian.com/?p=deb%2Ffail2ban.git;a=commitdiff_plain;h=ea7d352616b1e2232fcaa99b11807a86ce29ed8b
BF: Use /var/run/fail2ban instead of /tmp for temp files in actions: see bugs.debian.org/544232
It should be robust since /var/run/fail2ban is guaranteed to exist to carry the
socket file, and it will be owned by root (or some other dedicated fail2ban
user) thus avoiding possibility for the exploit
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@767 a942ae1a-1317-0410-a47c-b1dcaea8d605
---
diff --git a/config/action.d/dshield.conf b/config/action.d/dshield.conf
index b80698b..8549a55 100644
--- a/config/action.d/dshield.conf
+++ b/config/action.d/dshield.conf
@@ -206,5 +206,5 @@ dest = reports@dshield.org
# Notes.: Base name of temporary files used for buffering
# Values: [ STRING ] Default: /tmp/fail2ban-dshield
#
-tmpfile = /tmp/fail2ban-dshield
+tmpfile = /var/run/fail2ban/tmp-dshield
diff --git a/config/action.d/mail-buffered.conf b/config/action.d/mail-buffered.conf
index 8a33d0e..6fd51d2 100644
--- a/config/action.d/mail-buffered.conf
+++ b/config/action.d/mail-buffered.conf
@@ -81,7 +81,7 @@ lines = 5
# Default temporary file
#
-tmpfile = /tmp/fail2ban-mail.txt
+tmpfile = /var/run/fail2ban/tmp-mail.txt
# Destination/Addressee of the mail
#
diff --git a/config/action.d/mynetwatchman.conf b/config/action.d/mynetwatchman.conf
index 15b91b1..f0e5515 100644
--- a/config/action.d/mynetwatchman.conf
+++ b/config/action.d/mynetwatchman.conf
@@ -141,4 +141,4 @@ mnwurl = http://mynetwatchman.com/insertwebreport.asp
# Notes.: Base name of temporary files
# Values: [ STRING ] Default: /tmp/fail2ban-mynetwatchman
#
-tmpfile = /tmp/fail2ban-mynetwatchman
+tmpfile = /var/run/fail2ban/tmp-mynetwatchman
diff --git a/config/action.d/sendmail-buffered.conf b/config/action.d/sendmail-buffered.conf
index de8166a..25a23b7 100644
--- a/config/action.d/sendmail-buffered.conf
+++ b/config/action.d/sendmail-buffered.conf
@@ -101,5 +101,5 @@ lines = 5
# Default temporary file
#
-tmpfile = /tmp/fail2ban-mail.txt
+tmpfile = /var/run/fail2ban/tmp-mail.txt
Reference in New Issue View Git Blame Copy Permalink