Package: mindi Version: 0.58.r5 Author: Guillem Jover Status: applied Description: Adapt patch from Debian BTS to correct insecure temporal dir creation. diff -u -r mindi-0.58.r5/mindi mindi-patched/mindi --- mindi-0.58.r5/mindi Tue Jul 29 19:00:46 2003 +++ mindi-patched/mindi Tue Jul 29 20:36:31 2003 @@ -3,7 +3,7 @@ MINDI_VER=0.58 LILO_OPTIONS="" ; # change to "-c" if your BIOS is really groovy EXTRA_SPACE=8192 ; # increase if you run out of ramdisk space -TMP_ROOT=/tmp +TMP_ROOT=`mktemp -d` @@ -318,9 +318,9 @@ mountpoint=$TMP_ROOT/mointpoint.$$ mkdir -p $mountpoint dd if=/dev/zero of=$imagefile bs=1k count=1440 > /dev/null 2> /dev/null || LogIt "Cannot dd (CODI)\n" - mke2fs -N 12 -F $imagefile > /tmp/mke2fs.$$ 2>> /tmp/mke2fs.$$ - [ "$?" -ne "0" ] && cat /tmp/mke2fs.$$ - rm -f /tmp/mke2fs.$$ + mke2fs -N 12 -F $imagefile > $TMP_ROOT/mke2fs.$$ 2>> $TMP_ROOT/mke2fs.$$ + [ "$?" -ne "0" ] && cat $TMP_ROOT/mke2fs.$$ + rm -f $TMP_ROOT/mke2fs.$$ mount -t ext2 -o loop $imagefile $mountpoint || Die "Can't loopmount $mountpoint" mv $tarball $mountpoint/ if [ "$?" -ne "0" ] ; then @@ -354,16 +354,16 @@ my_partitions=`mount | grep $$ | cut -f1 -d' '` [ "$my_partitions" != "" ] && umount $my_partitions [ "$TMP_ROOT" != "/tmp" ] && rm -Rf $TMP_ROOT - cd /tmp + cd $TMP_ROOT mkdir -p mindi.err - for i in /tmp/mindi-needlist.txt /etc/fstab /etc/lilo.conf /etc/raidtab $LOGFILE /var/log/mondo-archive.log /tmp/mountlist.txt.$$ ; do + for i in $TMP_ROOT/mindi-needlist.txt /etc/fstab /etc/lilo.conf /etc/raidtab $LOGFILE /var/log/mondo-archive.log $TMP_ROOT/mountlist.txt.$$ ; do [ -e "$i" ] && cp -f $i mindi.err/ done rm -f mindi.err.*.tgz tar -c mindi.err -f- | gzip -9 > mindi.err.$$.tgz cd / - rm -Rf mindi.err /tmp/mountlist.txt.$$ - LogIt "Please e-mail a copy of /tmp/mindi.err.$$.tgz to the author at" + rm -Rf mindi.err $TMP_ROOT/mountlist.txt.$$ + LogIt "Please e-mail a copy of $TMP_ROOT/mindi.err.$$.tgz to the author at" LogIt "hugo@firstlinux.net; author can and will render assistance only to" LogIt "users who supply the above file or a copy of $LOGFILE." LogIt "Please make sure you have read the FAQ, the manual, the log itself" @@ -407,7 +407,7 @@ done cat $filelist | sort | gawk '{ print $1; }' | uniq > $filelist.tmp mv -f $filelist.tmp $filelist -# cp $filelist /tmp/what-we-need.txt +# cp $filelist $TMP_ROOT/what-we-need.txt echo -e "$DONE" } @@ -803,7 +803,7 @@ } -# Called by TurnTgzIntoRdz, to make /tmp/mondo-restore.cfg +# Called by TurnTgzIntoRdz, to make $TMP_ROOT/mondo-restore.cfg MakeMondoConfigFile() { local outfile use_lzo @@ -1067,17 +1067,17 @@ cp $1/{*.img,*.gz} $TMP_ROOT/iso/images || LogIt "[line 857] cannot copy $i to $TMP_ROOT/iso/images" old_pwd=`pwd` cd $TMP_ROOT/iso - mkisofs -b images/mindi-boot.2880.img -c boot.cat -r . > $imagesdir/mindi.iso 2> /tmp/$$.mk + mkisofs -b images/mindi-boot.2880.img -c boot.cat -r . > $imagesdir/mindi.iso 2> $TMP_ROOT/$$.mk if [ "$?" -ne "0" ] ; then echo "----------- mkisofs's errors --------------" >> $LOGFILE - cat /tmp/$$.mk >> $LOGFILE + cat $TMP_ROOT/$$.mk >> $LOGFILE echo "mkisofs returned the following errors:-" - cat /tmp/$$.mk + cat $TMP_ROOT/$$.mk LogIt "Failed to create ISO image." else echo "Created bootable ISO image at $imagesdir/mindi.iso" >> $LOGFILE fi - rm -f /tmp/$$.mk + rm -f $TMP_ROOT/$$.mk cd $old_pwd } @@ -1106,9 +1106,9 @@ mountpoint=$TMP_ROOT/mointpoint.$$ mkdir -p $mountpoint dd if=/dev/zero of=$imagefile bs=1k count=$disksize > /dev/null 2> /dev/null || Die "Cannot dd blank file" - mke2fs -N 26 -m 0 -F $imagefile > /tmp/mke2fs.$$ 2>> /tmp/mke2fs.$$ - [ "$?" -ne "0" ] && cat /tmp/mke2fs.$$ - rm -f /tmp/mke2fs.$$ + mke2fs -N 26 -m 0 -F $imagefile > $TMP_ROOT/mke2fs.$$ 2>> $TMP_ROOT/mke2fs.$$ + [ "$?" -ne "0" ] && cat $TMP_ROOT/mke2fs.$$ + rm -f $TMP_ROOT/mke2fs.$$ mount -t ext2 -o loop $imagefile $mountpoint || LogIt "Cannot mount (PBDI)\n" # copy Mindi's skeleton fs & lilo/syslinux/whatever stuff into it > $mountpoint/lilo.conf @@ -1172,7 +1172,7 @@ # [ "$CDRECOVERY" = "yes" ] && outstr=$outstr" alias=RESTORE\n" echo -en "$outstr" >> $mountpoint/lilo.conf done -# cp -f $mountpoint/lilo.conf /tmp || LogIt "[line 953] cannot copy $mountpoint/lilo.conf to /tmp" +# cp -f $mountpoint/lilo.conf $TMP_ROOT || LogIt "[line 953] cannot copy $mountpoint/lilo.conf to $TMP_ROOT" cp -f $TMP_ROOT/mindi.rdz $mountpoint if [ "$?" -ne "0" ] ; then LogIt "Failed to copy $TMP_ROOT/mindi.rdz to $mountpoint" @@ -1182,7 +1182,7 @@ Die "Cannot incorporate mindi.rdz in bootdisk (kernel / modules too big?)" fi cat $MINDI_HOME/msg-txt | sed s/ZZZZZ/$MINDI_VER/ | sed s/YYYYY/"Mondo Rescue"/ | sed s/XXXXX/"a cousin of"/ | sed s/DDDDD/"`cat /etc/issue.net | grep -i "linux" | head -n1 | tr ' ' ' ' --squeeze-repeats`"/ | sed s/KKKKK/"`cat /etc/issue.net | grep -i "kernel" | head -n1 | tr ' ' ' ' --squeeze-repeats`"/ | sed s/TTTTT/"`LC_TIME=C date`"/ | sed s/' 'r' 'on' 'an' 'm/' '`uname -r`' 'on' 'an' '`uname -m`/ > $mountpoint/message -# cp -f $mountpoint/message /tmp +# cp -f $mountpoint/message $TMP_ROOT if [ "$disksize" -eq "2880" ] ; then if [ "`DidMondoCallMe`" ] ; then if [ "$CDRECOVERY" = "no" ] ; then @@ -1232,8 +1232,8 @@ $LILO_EXE -r $mountpoint >> $LOGFILE 2>> $LOGFILE fi if [ $? -ne "0" ] ; then - if [ "`cat $LOGFILE | grep "/tmp/dev\.0"`" ] ; then - LogIt "The '/tmp/dev.0' error is NOT Mindi's fault. It is LILO's." + if [ "`cat $LOGFILE | grep "$TMP_ROOT/dev\.0"`" ] ; then + LogIt "The '$TMP_ROOT/dev.0' error is NOT Mindi's fault. It is LILO's." LogIt "Please reboot your PC as a workaround." Die "LILO sneezed and Mindo caught a cold. Please read the README / FAQ." fi @@ -1308,7 +1308,7 @@ ListKernelModulePaths >> $needlist fi if [ "$res" -ne "0" ] ; then - rm -f /tmp/mindi-needlist.txt + rm -f $TMP_ROOT/mindi-needlist.txt Die "You have $res file`PluralOrNot $res` present in dependency list\nbut absent from filesystem." fi FindAndAddUserKeyboardMappingFile @@ -1666,9 +1666,9 @@ # ---------- used to be $LOOPDEVICE that was formatted.. but newer kernels # don't like that, so I've changed it to $imagefile # -i 1024 - mke2fs -i 1024 -m 0 -F $tempfile > /tmp/mke2fs.$$ 2> /tmp/mke2fs.$$ - [ "$?" -ne "0" ] && cat /tmp/mke2fs.$$ - rm -f /tmp/mke2fs.$$ + mke2fs -i 1024 -m 0 -F $tempfile > $TMP_ROOT/mke2fs.$$ 2> $TMP_ROOT/mke2fs.$$ + [ "$?" -ne "0" ] && cat $TMP_ROOT/mke2fs.$$ + rm -f $TMP_ROOT/mke2fs.$$ echo -en "..." mkdir -p $mountpoint mount -t ext2 -o loop $tempfile $mountpoint || Die "Cannot loopmount $tempfile to $mountpoint" @@ -1687,7 +1687,7 @@ cd $old_pwd echo -en "..." MakeModuleLoadingScript $mountpoint/sbin/insert-all-my-modules - cp -f $mountpoint/sbin/insert-all-my-modules /tmp/IAMM + cp -f $mountpoint/sbin/insert-all-my-modules $TMP_ROOT/IAMM echo -en "..." old_pwd=`pwd` if [ "$YOUR_KERNEL_SUCKS" ] ; then @@ -1823,8 +1823,8 @@ LILO_EXE=lilo fi $LILO_EXE -V | grep "21\.6" > /dev/null && Die "Please upgrade LILO." -cat /proc/mounts | grep " $TMP_ROOT " | grep tmps > /dev/null 2> /dev/null && TMP_ROOT=/home && LogIt "Changing TMP_ROOT to $TMP_ROOT because you're using tmpfs for /tmp" ; # tmpfs doesn't like Mindi, for some reason -rm -f /tmp/mindi_lo +cat /proc/mounts | grep " /tmp " | grep tmps > /dev/null 2> /dev/null && TMP_ROOT=`mktemp -d -p /var/tmp` && LogIt "Changing TMP_ROOT to $TMP_ROOT because you're using tmpfs for /tmp" ; # tmpfs doesn't like Mindi, for some reason +rm -f $TMP_ROOT/mindi_lo trap "Aborted" SIGTERM DONE="\r\t\t\t\t\t\t\t\t\tDone." CHOPSIZE=200 @@ -1910,7 +1910,7 @@ fi echo -e "Mindi's temp dir = $TMP_ROOT \nMindi's output dir=$imagesdir" >> $LOGFILE [ "$(($RANDOM%64))" -eq "0" ] && LogIt "Dude, I've looked inside your computer and it's really dusty..." -rm -f /tmp/mindi.err.*.tgz +rm -f $TMP_ROOT/mindi.err.*.tgz PrepareDataDiskImages $imagesdir noof_disks=$? ramdisk_size=$(($size_of_all_tools+$TOTAL_BIGDIR_SIZE+EXTRA_SPACE)) @@ -1950,7 +1950,7 @@ done fi [ "$TMP_ROOT" != "/tmp" ] && rm -Rf $TMP_ROOT -rm -Rf /tmp/mindi-needlist.txt /tmp/mountlist.txt.$$ +rm -Rf $TMP_ROOT/mindi-needlist.txt $TMP_ROOT/mountlist.txt.$$ LogIt "$FRIENDLY_OUTSTRING" echo "Mindi is exiting" >> $LOGFILE exit 0