Avoid local exploitability with compile output file -- Take 3
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@3256 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
parent
cc7f84cea9
commit
89b7028f46
@ -8904,6 +8904,11 @@ compile_firewall() # $1 = File Name
|
||||
#
|
||||
# END OVERLOADED FUNCTIONS
|
||||
#
|
||||
verify_os_version
|
||||
verify_ip
|
||||
|
||||
[ -d /var/lib/shorewall ] || { mkdir -p /var/lib/shorewall ; chmod 700 /var/lib/shorewall; }
|
||||
|
||||
case $outfile in
|
||||
*/*)
|
||||
[ -d $dir ] || startup_error "Directory $dir does not exist"
|
||||
@ -8919,11 +8924,6 @@ compile_firewall() # $1 = File Name
|
||||
|
||||
[ -f $outfile -a ! -x $outfile ] && startup_error "$outfile exists and is not a restore file"
|
||||
|
||||
verify_os_version
|
||||
verify_ip
|
||||
|
||||
[ -d /var/lib/shorewall ] || { mkdir -p /var/lib/shorewall ; chmod 700 /var/lib/shorewall; }
|
||||
|
||||
RESTOREBASE=$(mktempfile /var/lib/shorewall)
|
||||
|
||||
STATEDIR=/var/lib/shorewall/.compiler
|
||||
@ -9047,9 +9047,9 @@ compile_firewall() # $1 = File Name
|
||||
|
||||
mv -f $RESTOREBASE $outfile
|
||||
|
||||
chmod 700 $file
|
||||
chmod 700 $outfile
|
||||
|
||||
echo "Shorewall configuration compiled to $file"
|
||||
echo "Shorewall configuration compiled to $outfile"
|
||||
|
||||
rm -rf $TMP_DIR
|
||||
}
|
||||
|
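Review bot: In the last hunk the compiled script gets its final mode only after it is already in place, because `mv -f $RESTOREBASE $outfile` runs before `chmod 700 $outfile`. Until the chmod, the file sits at the caller-chosen path with whatever mode mktempfile gave it, and the chmod then resolves a path outside the 700 directory. Setting the mode first, `chmod 700 "$RESTOREBASE"` and then `mv -f "$RESTOREBASE" "$outfile"`, keeps the permission change inside /var/lib/shorewall. `$outfile` and `$dir` are also unquoted throughout, including in `[ -f $outfile -a ! -x $outfile ]`, so a file name with spaces or glob characters is split before the checks see it. The +/- markers are lost on this page, so I am assuming the `$outfile` forms of the chmod and echo lines are the new side; compile_firewall starts outside these hunks.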