First published: Tue Sep 11 2012(Updated: )
Jim Meyering (meyering) of Red Hat reports: glusterfs writes to predictably-named files in /tmp using the PID and other non random or easily guessed information to create file names. libglusterfs/src/statedump.c gf_proc_dump_open (char *dump_dir, char *brickname) { char path[PATH_MAX] = {0,}; int dump_fd = -1; snprintf (path, sizeof (path), "%s/%s.%d.dump", (dump_dir ? dump_dir : "/tmp"), brickname, getpid()); ... gf_proc_dump_options_init () { int ret = -1; FILE *fp = NULL; char buf[256]; char dumpbuf[GF_DUMP_MAX_BUF_LEN]; char *key = NULL, *value = NULL; char *saveptr = NULL; char dump_option_file[PATH_MAX]; snprintf (dump_option_file, sizeof (dump_option_file), "/tmp/glusterdump.%d.options", getpid ());
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
debian/glusterfs | 5.5-3 9.2-1 10.3-5 11.0-3 | |
Gluster GlusterFS | =3.3.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.