vdr/vdradmin/debian/patches 02_tmpfiles.dpatch 00list
Thomas Schmidt
pkg-vdr-dvb-changes@lists.alioth.debian.org
Sat, 18 Dec 2004 11:48:06 +0000
Update of /cvsroot/pkg-vdr-dvb/vdr/vdradmin/debian/patches
In directory haydn:/tmp/cvs-serv30953/vdr/vdradmin/debian/patches
Modified Files:
00list
Added Files:
02_tmpfiles.dpatch
Log Message:
* changed permissions of cfg-file to 600 on new installations
* changed path of tmp-files to prevent symlink-attacks
Index: 00list
===================================================================
RCS file: /cvsroot/pkg-vdr-dvb/vdr/vdradmin/debian/patches/00list,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -d -r1.1 -r1.2
--- 00list 27 May 2004 15:08:45 -0000 1.1
+++ 00list 18 Dec 2004 11:48:03 -0000 1.2
@@ -1 +1,2 @@
01_dist-var
+02_tmpfiles
--- NEW FILE: 02_tmpfiles.dpatch ---
#! /bin/sh /usr/share/dpatch/dpatch-run
## 02_tmpfiles.dpatch by Thomas Schmidt <thomas.schmidt@in.stud.tu-ilmenau.de>
##
## All lines beginning with `## DP:' are a description of the patch.
## DP: Security-patch: Change the path of the temporary files,
## DP: which vdradmin creates, to prevent possible symlink-attacks
@DPATCH@
diff -urNad vdradmin/vdradmind.pl /tmp/dpep.TS5pni/vdradmin/vdradmind.pl
--- vdradmin/vdradmind.pl 2004-05-27 16:34:55.000000000 +0200
+++ /tmp/dpep.TS5pni/vdradmin/vdradmind.pl 2004-12-18 12:39:00.000000000 +0100
@@ -659,7 +659,7 @@
sub GZip {
my $content = shift;
- my $filename = "/tmp/vdradmin." . time();
+ my $filename = "/var/cache/vdradmin/vdradmin." . time();
open(PIPE, "| gzip -9 - > $filename") || die "cant open pipe to gzip ($!)";
print PIPE $$content;
close(PIPE);
@@ -3038,7 +3038,7 @@
#############################################################################
sub grab_picture {
my $size = $q->param("size");
- my $file = "/tmp/vdr.jpg";
+ my $file = "/var/cache/vdradmin/vdr.jpg";
my $maxwidth = 768;
my $maxheight = 576;
my($width, $height);