From: Sage Weil <sage@inktank.com>
Date: Fri, 22 Mar 2013 20:25:23 +0000 (-0700)
Subject: mkcephfs: make remote temp directory name unique
X-Git-Tag: v0.56.4~8
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=dd670afccfd3ae58c03ea3b4c213dd8db22f618e;p=ceph.git

mkcephfs: make remote temp directory name unique

The predictable file name is a security problem.

CVE-2013-1882

Reported-by: Michael Scherer <misc@zarb.org>
Signed-off-by: Sage Weil <sage@inktank.com>
Reviewed-by: Dan Mick <dan.mick@inktank.com>
(cherry picked from commit f463ef78d77b11b5ad78b31e9a3a88d0a6e62bca)
---

diff --git a/src/mkcephfs.in b/src/mkcephfs.in
index 446d56872e85..93a5fa6c1c11 100644
--- a/src/mkcephfs.in
+++ b/src/mkcephfs.in
@@ -475,7 +475,8 @@ if [ $allhosts -eq 1 ]; then
 	check_host || continue
 
 	if [ -n "$ssh" ]; then
-	    rdir="/tmp/mkfs.ceph.$$"
+	    unique=`dd if=/dev/urandom bs=16 count=1 2>/dev/null | md5sum | awk '{print $1}'`
+	    rdir="/tmp/mkfs.ceph.$unique"
 	    echo pushing conf and monmap to $host:$rdir
 	    do_cmd "mkdir -p $rdir"
 	    scp -q $dir/conf $host:$rdir