From nbm@rucus.ru.ac.za Fri Aug  6 13:12:50 1999
Return-Path: <nbm@rucus.ru.ac.za>
Received: from rucus.ru.ac.za (rucus.ru.ac.za [146.231.29.2])
	by hub.freebsd.org (Postfix) with SMTP id 2AC4F14D1C
	for <FreeBSD-gnats-submit@freebsd.org>; Fri,  6 Aug 1999 13:12:41 -0700 (PDT)
	(envelope-from nbm@rucus.ru.ac.za)
Received: (qmail 75420 invoked by uid 1003); 6 Aug 1999 20:13:16 -0000
Message-Id: <19990806201316.75419.qmail@rucus.ru.ac.za>
Date: 6 Aug 1999 20:13:16 -0000
From: nbm@rucus.ru.ac.za
Reply-To: nbm@rucus.ru.ac.za
To: FreeBSD-gnats-submit@freebsd.org
Subject: make rc use mktemp for temporary motd file
X-Send-Pr-Version: 3.2

>Number:         13005
>Category:       bin
>Synopsis:       make rc use mktemp for temporary motd file
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Fri Aug  6 13:20:00 PDT 1999
>Closed-Date:    Fri Aug 6 16:49:49 PDT 1999
>Last-Modified:  Fri Aug  6 16:50:30 PDT 1999
>Originator:     Neil Blakey-Milner
>Release:        FreeBSD 3.0-STABLE i386
>Organization:
Rhodes University Computer Users' Society
>Environment:

FreeBSD rucus.ru.ac.za 3.0-STABLE FreeBSD 3.0-STABLE #0: Tue Feb  9 22:52:23 GMT 1999     grahams@rucus.ru.ac.za:/usr/src/sys/compile/RUCUS-SMP  i386

>Description:

rc currently uses the file /tmp/_motd as a temporary file, and despite
attempting to delete it, that operation may fail (chflags) and cause
arbitrary non-roots to effectively replace the motd at bootup.

>How-To-Repeat:

su - arb
cd /tmp
touch _motd
chflags

>Fix:
--- rc.orig	Fri Aug  6 19:15:16 1999
+++ rc	Fri Aug  6 22:02:34 1999
@@ -400,13 +400,16 @@
 fi
 
 if [ "X${update_motd}" != X"NO" ]; then
-	T=/tmp/_motd
-	rm -rf $T
-	uname -v | sed -e 's,^\([^#]*\) #\(.* [1-2][0-9][0-9][0-9]\).*/\([^\]*\) $,\1 (\3) #\2,' > $T
-	awk '{if (NR == 1) {if ($1 == "FreeBSD") {next} else {print "\n"$0}} else {print}}' < /etc/motd >> $T
-	cp $T /etc/motd
-	chmod 644 /etc/motd
-	rm -rf $T
+	T=`mktemp -q /tmp/_motd.XXXXXX`
+	if [ $? -eq 0 ]; then
+		uname -v | sed -e 's,^\([^#]*\) #\(.* [1-2][0-9][0-9][0-9]\).*/\([^\]*\) $,\1 (\3) #\2,' >> $T
+		awk '{if (NR == 1) {if ($1 == "FreeBSD") {next} else {print "\n"$0}} else {print}}' < /etc/motd >> $T
+		cp $T /etc/motd
+		chmod 644 /etc/motd
+		rm -rf $T
+	else
+		echo "Could not create temporary file $T for motd update!"
+	fi
 fi
 
 # Run rc.devfs if present to customify devfs

>Release-Note:
>Audit-Trail:

From: Neil Blakey-Milner <nbm@mithrandr.moria.org>
To: FreeBSD-gnats-submit@FreeBSD.ORG
Cc:  
Subject: Re: bin/13005: make rc use mktemp for temporary motd file
Date: Fri, 6 Aug 1999 22:26:22 +0200

 On Fri 1999-08-06 (20:13), nbm@rucus.ru.ac.za wrote:
 > rc currently uses the file /tmp/_motd as a temporary file, and despite
 > attempting to delete it, that operation may fail (chflags) and cause
 > arbitrary non-roots to effectively replace the motd at bootup.
 
 Cancel that, I really should keep up to date and not sit on patches for
 more than two days.
 
State-Changed-From-To: open->closed 
State-Changed-By: hoek 
State-Changed-When: Fri Aug 6 16:49:49 PDT 1999 
State-Changed-Why:  
Originator confirms he sat on his patches for too long and they have since 
become redundant. 
>Unformatted:
