[ewg] [PATCH] security fix in openibd script

[Vladimir Sokolovsky]

On 10/22/2010 12:50 AM, Jay Lan wrote:
> # Dale Talcott of NASA Ames submitted a bug report and his patch to SGI.
> # I herein submitted this patch for him. The patch is against 1.5.2 -
> jlan at sgi.com
>
>
> The openibd startup script from the OFED rpm includes the following code to
> create a script that it runs in the background:
>
> ...
> cat << EOF >> /tmp/ib_set_node_desc.sh
> #!/bin/bash
>
> # Wait while node's hostname is set
> sleep 10
> # Add node description to sysfs
> IBSYSDIR="/sys/class/infiniband"
> if [ -d \${IBSYSDIR} ]; then
> declare -i hca_id=1
> for hca in \${IBSYSDIR}/*
> do
> if [ -e \${hca}/node_desc ]; then
> logger -i "Set node_desc for \$(basename \$hca): \$(hostname -s)
> HCA-\${hca_id}"
> echo -n "\$(hostname -s) HCA-\${hca_id}" >> \${hca}/node_desc
> fi
> let hca_id++
> done
> fi
> /bin/rm -f \$0
> EOF
>
> chmod 755 /tmp/ib_set_node_desc.sh
> /tmp/ib_set_node_desc.sh > /dev/null 2>&1 &
>
> The problems with this startup script are many, but the security issue
> is that
> the script, while running as root during system startup, writes to a
> predictable file name in /tmp (/tmp/ib_set_node_desc.sh). If a user
> creates a
> symlink with that path ahead of time, the next reboot can clobber any
> file root
> has access to.
>
> There are several fixes, but one is to avoid the use of the temporary file
> altogether.
>
>
> Signed-off-by: Jay Lan <jlan at sgi.com>
>
>


Hi Jay,
The purpose of creating a temporary script for setting node description was to avoid blocking (sleep 10) of the openibd script.
So, as a solution I propose to use a script with randomly created name (mktemp /tmp/ib_set_node_desc.XXXXXXXX).
What do you think?

Regards,
Vladimir