
github.com/CISOfy/lynis.git - Unnamed repository; edit this file 'description' to name the repository.
authorMichael Boelen <michael.boelen@cisofy.com>2020-06-18 13:46:42 +0300
committerGitHub <noreply@github.com>2020-06-18 13:46:42 +0300
commit051be098383a70436124f56fe8ec0848ee533831 (patch)
tree39211a494e1a53752aa4559ca6e9d0a743b66c2b /lynis
parent3b9eda53cc20e851c4456618f027bc9ea794ad30 (diff)
parent5b09da0d9878096d45f04b858c4f65e674369ab4 (diff)
Merge pull request #594 from katkad/home_result
CVE-2020-13882: discovered by Sander Bos, code submission by Katarina Durechova - Store log and data file in home directory for non-privileged usage
Diffstat (limited to 'lynis')
-rwxr-xr-xlynis18
1 files changed, 9 insertions, 9 deletions
diff --git a/lynis b/lynis
index d5dca003..2d79fa4f 100755
--- a/lynis
+++ b/lynis
@@ -267,21 +267,21 @@
# Disable logging if no alternative was provided
if [ ${PRIVILEGED} -eq 0 ]; then
if [ -z "${LOGFILE}" ]; then
- # Try creating a log file in temporary directory
- if [ ! -f /tmp/lynis.log ]; then
- if [ -L /tmp/lynis.log ]; then echo "Log file is symlinked, which can introduce the risk of a symlink attack."; exit 1; fi
- touch /tmp/lynis.log
- if [ $? -eq 0 ]; then LOGFILE="/tmp/lynis.log"; else LOGFILE="/dev/null"; fi
+ # Try creating a log file in home directory
+ if [ ! -f "$HOME/lynis.log" ]; then
+ if [ -L "$HOME/lynis.log" ]; then echo "Log file is symlinked, which can introduce the risk of a symlink attack."; exit 1; fi
+ touch "$HOME/lynis.log"
+ if [ $? -eq 0 ]; then LOGFILE="$HOME/lynis.log"; else LOGFILE="/dev/null"; fi
else
- LOGFILE="/tmp/lynis.log"
+ LOGFILE="$HOME/lynis.log"
fi
else
if [ -L "${LOGFILE}" ]; then echo "Log file is symlinked, which can introduce the risk of a symlink attack."; exit 1; fi
fi
if [ -z "${REPORTFILE}" ]; then
- touch /tmp/lynis-report.dat
- if [ -L /tmp/lynis-report.dat ]; then echo "Report file is symlinked, which can introduce the risk of a symlink attack."; exit 1; fi
- if [ $? -eq 0 ]; then REPORTFILE="/tmp/lynis-report.dat"; else REPORTFILE="/dev/null"; fi
+ touch "$HOME/lynis-report.dat"
+ if [ -L "$HOME/lynis-report.dat" ]; then echo "Report file is symlinked, which can introduce the risk of a symlink attack."; exit 1; fi
+ if [ $? -eq 0 ]; then REPORTFILE="$HOME/lynis-report.dat"; else REPORTFILE="/dev/null"; fi
else
if [ -L "${REPORTFILE}" ]; then echo "Report file is symlinked, which can introduce the risk of a symlink attack."; exit 1; fi
fi
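Review bot: In the report-file branch, `touch "$HOME/lynis-report.dat"` runs before the `-L` test, so an existing symlink is followed before it is detected. The `$?` on the next line then reads the status of the `if [ -L … ]` statement, which is 0 whenever the path is not a symlink, rather than the status of `touch`, so the `/dev/null` fallback is never taken. Check first and test `touch` directly: `if [ -L "$HOME/lynis-report.dat" ]; then echo "Report file is symlinked, which can introduce the risk of a symlink attack."; exit 1; fi` followed by `if touch "$HOME/lynis-report.dat"; then REPORTFILE="$HOME/lynis-report.dat"; else REPORTFILE="/dev/null"; fi`. The log-file branch has a related gap: `[ ! -f "$HOME/lynis.log" ]` follows symlinks, so a link pointing at an existing regular file takes the `else` arm and skips the `-L` check. The enclosing `if [ ${PRIVILEGED} -eq 0 ]` block closes outside this hunk.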