Avoid local exploitability with compile output file -- Take 3
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@3256 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
parent
cc7f84cea9
commit
89b7028f46
@ -8904,6 +8904,11 @@ compile_firewall() # $1 = File Name
|
|||||||
#
|
#
|
||||||
# END OVERLOADED FUNCTIONS
|
# END OVERLOADED FUNCTIONS
|
||||||
#
|
#
|
||||||
|
verify_os_version
|
||||||
|
verify_ip
|
||||||
|
|
||||||
|
[ -d /var/lib/shorewall ] || { mkdir -p /var/lib/shorewall ; chmod 700 /var/lib/shorewall; }
|
||||||
|
|
||||||
case $outfile in
|
case $outfile in
|
||||||
*/*)
|
*/*)
|
||||||
[ -d $dir ] || startup_error "Directory $dir does not exist"
|
[ -d $dir ] || startup_error "Directory $dir does not exist"
|
||||||
@ -8919,11 +8924,6 @@ compile_firewall() # $1 = File Name
|
|||||||
|
|
||||||
[ -f $outfile -a ! -x $outfile ] && startup_error "$outfile exists and is not a restore file"
|
[ -f $outfile -a ! -x $outfile ] && startup_error "$outfile exists and is not a restore file"
|
||||||
|
|
||||||
verify_os_version
|
|
||||||
verify_ip
|
|
||||||
|
|
||||||
[ -d /var/lib/shorewall ] || { mkdir -p /var/lib/shorewall ; chmod 700 /var/lib/shorewall; }
|
|
||||||
|
|
||||||
RESTOREBASE=$(mktempfile /var/lib/shorewall)
|
RESTOREBASE=$(mktempfile /var/lib/shorewall)
|
||||||
|
|
||||||
STATEDIR=/var/lib/shorewall/.compiler
|
STATEDIR=/var/lib/shorewall/.compiler
|
||||||
@ -9047,9 +9047,9 @@ compile_firewall() # $1 = File Name
|
|||||||
|
|
||||||
mv -f $RESTOREBASE $outfile
|
mv -f $RESTOREBASE $outfile
|
||||||
|
|
||||||
chmod 700 $file
|
chmod 700 $outfile
|
||||||
|
|
||||||
echo "Shorewall configuration compiled to $file"
|
echo "Shorewall configuration compiled to $outfile"
|
||||||
|
|
||||||
rm -rf $TMP_DIR
|
rm -rf $TMP_DIR
|
||||||
}
|
}
|
||||||
|
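Review bot: In the last hunk, `chmod 700 $outfile` still runs after `mv -f $RESTOREBASE $outfile`, so the mode is applied by path at the caller-chosen destination rather than to the temp file while it is still inside `/var/lib/shorewall`, the directory this function tries to keep at mode 700. Setting the mode first, `chmod 700 "$RESTOREBASE"` followed by `mv -f "$RESTOREBASE" "$outfile"`, leaves the rename as the only step that touches the destination directory, and quoting `$outfile` and `$dir` throughout keeps paths containing spaces or glob characters from being word-split. The relocated guard in the first hunk runs `chmod 700 /var/lib/shorewall` only when it creates the directory, so a pre-existing directory with a looser mode is accepted as is, and a failed `mkdir -p` is not checked before `mktempfile` uses the path. The body of compile_firewall starts before the first hunk, so how `$dir` and `$outfile` are derived is not visible here.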