From: Sage Weil Date: Fri, 22 Mar 2013 20:25:33 +0000 (-0700) Subject: init-ceph: push temp conf file to a unique location on remote host X-Git-Tag: v0.60~19 X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=051734522fea92878dd8139f28ec4e6b01371ede;p=ceph.git init-ceph: push temp conf file to a unique location on remote host The predictable file name is a security problem. CVE-2013-1882 Reported-by: Michael Scherer Signed-off-by: Sage Weil Reviewed-by: Dan Mick
---
diff --git a/src/init-ceph.in b/src/init-ceph.in
index 5c04dd036f5e..029aa78840b7 100644
--- a/src/init-ceph.in
+++ b/src/init-ceph.in
@@ -216,11 +216,12 @@ for name in $what; do
 if [ "$host" = "$hostname" ]; then
 cur_conf=$conf
 else
+ unique=`dd if=/dev/urandom bs=16 count=1 2>/dev/null | md5sum | awk '{print $1}'`
 if echo $pushed_to | grep -v -q " $host "; then
- scp -q $conf $host:/tmp/ceph.conf.$$
+ scp -q $conf $host:/tmp/ceph.conf.$unique
 pushed_to="$pushed_to $host "
 fi
- cur_conf="/tmp/ceph.conf.$$"
+ cur_conf="/tmp/ceph.conf.$unique"
 fi
 cmd="$cmd -c $cur_conf"
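Review bot: `unique` is recomputed on every pass of the `for name in $what` loop, while the `scp` runs only the first time a host is missing from `$pushed_to`, so a second daemon on the same remote host gets `cur_conf="/tmp/ceph.conf.$unique"` naming a file that was never pushed. Moving the `unique=` assignment above the loop, or recording the pushed path per host, keeps the push-once logic consistent; the loop begins outside this hunk. Because the pipeline discards errors with `2>/dev/null` and its status is never checked, a failed `dd` read would still produce the MD5 of empty input, which is a fixed and therefore predictable name again. Creating the file on the remote host with `mktemp` and copying onto the returned path would remove the dependence on client-side randomness and close the window in which `scp` writes to a name in shared `/tmp`.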