Bug 1043850

Summary: yum-rhn-plugin: slightly insecure use of /var/tmp
Product: Red Hat Enterprise Linux 7 Reporter: Florian Weimer <fweimer>
Component: yum-rhn-pluginAssignee: Milan Zázrivec <mzazrivec>
Status: CLOSED CURRENTRELEASE QA Contact: Martin Minar <mminar>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 7.0CC: jhutar, mkoci, mminar, msuchy, mzazrivec, riehecky
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: yum-rhn-plugin-2.0.1-4.el7 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 1043847 Environment:
Last Closed: 2014-06-13 11:23:28 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On: 1043847    
Bug Blocks:    

Description Florian Weimer 2013-12-17 10:51:17 UTC 
+++ This bug was initially created as a clone of Bug #1043847 +++

touch follows symlinks, so this %pre script allows creation of zero-length files (as seen in yum-rhn-plugin-2.0.1-2):

%pre
# 682820 - re-enable yum-rhn-plugin after package upgrade if the system is already registered
export pluginconf='/etc/yum/pluginconf.d/rhnplugin.conf'
if [ $1 -gt 1 ] && [ -f /etc/sysconfig/rhn/systemid ] && [ -f "$pluginconf" ]; then
    if grep -q '^[[:space:]]*enabled[[:space:]]*=[[:space:]]*1[[:space:]]*$' \
       "$pluginconf"; then
        touch /var/tmp/enable-yum-rhn-plugin
    fi
fi

The flag should be stored somewhere else, perhaps in /etc.
Comment 2 Milan Zázrivec 2014-02-03 15:23:15 UTC 
spacewalk.git master: 7760c859623fa262effcc6aad295f5f5e0383794
Comment 6 Ludek Smid 2014-06-13 11:23:28 UTC 
This request was resolved in Red Hat Enterprise Linux 7.0.

Contact your manager or support representative in case you have further questions about the request.