Fix mktempfile() with no mktemp

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1425 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb

STABLE/changelog.txt

@@ -41,3 +41,5 @@ Changes since 1.4.9
 19) Fix local exploit vulnerability.
 
 20) Hack security fix so that it works under Slackware.
+
+21) Fix mktempfile() where there is no mktemp utility.

STABLE/functions

@@ -213,7 +213,7 @@ mktempfile() {
 		mktemp -p $1 shorewall.XXXXXX
 		;;
 	    None)
-		mkdir $1/shorewall-$$ && echo $1/shorewall-$$
+		> $1/shorewall-$$ && echo $1/shorewall-$$
 		;;
 	    *)
 		echo "   ERROR:Internal error in mktempfile"

STABLE/releasenotes.txt

@@ -52,7 +52,9 @@ Problems Corrected since version 1.4.9:
 14. An exploitable vulnerability that allows local non-root users to 
     cause arbitrary files to be overwritten has been eliminated.
 
-15) The security vulnerability fix failed under Slackware 9.1. 
+15) The security vulnerability fix failed under Slackware 9.1.
+
+16) The security vulnerability fix failed if mktemp was not installed.
 
 Migration Issues:
 

STABLE2/changelog.txt

@@ -40,3 +40,5 @@ Changes since 2.0.2
 18) Fix security vulnerability involving temporary files/directories.
 
 19) Hack security fix so that it works under Slackware.
+
+20) Fix mktempfile() where there is no mktemp utility.

STABLE2/functions

@@ -374,7 +374,7 @@ mktempfile() {
 		mktemp -p $1 shorewall.XXXXXX
 		;;
 	    None)
-		mkdir $1/shorewall-$$ && echo $1/shorewall-$$
+		> $1/shorewall-$$ && echo $1/shorewall-$$
 		;;
 	    *)
 		echo "   ERROR:Internal error in mktempfile"

STABLE2/releasenotes.txt

@@ -54,6 +54,8 @@ Problems Corrected since 2.0.3
 
 3) The security vulnerability fix failed under Slackware 9.1. 
 
+4) The security vulnerability fix failed if mktemp was not installed.
+
 -----------------------------------------------------------------------
 Issues when migrating from Shorewall 2.0.2 to Shorewall 2.0.3: