- Subject: Don't attempt to create temporary files in the user's home directory
- Origin: v9-2-gdc292ff
- Upstream-Author: Javier Martinez Canillas <javierm@redhat.com>
- Date: Tue Feb 20 16:51:10 2018 +0100
- To use the tpm2 pin, some temporary files need to be created due to how the
- tpm2-tools work. Currently they are created in the user's home directory
- but the commands can be executed by a user that doesn't have a home dir.
-
- So it's better to just create the temporary directory in /tmp, which is the
- mktemp default. The mktemp default permissions are u+rwx anyways, so it
- isn't less secure to have the temp dir at /tmp instead of the home dir.
-
- Fixes: #30
-
- Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
- --- a/src/clevis-decrypt-tpm2
- +++ b/src/clevis-decrypt-tpm2
- @@ -82,7 +82,7 @@
- exit 1
- fi
-
- -if ! TMP=`mktemp -d -p ~`; then
- +if ! TMP=`mktemp -d`; then
- echo "Creating a temporary dir for TPM files failed!" >&2
- exit 1
- fi
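Review bot: The new mktemp -d call in clevis-decrypt-tpm2 does not pin the directory to /tmp as the commit message states: with no template and no -p, mktemp honours $TMPDIR when it is set and only falls back to /tmp otherwise, so the location of the TPM files is now decided by the caller's environment. If /tmp is the intent, say so explicitly with -p /tmp; if following $TMPDIR is acceptable, reword the commit message. The visible context also shows no removal of $TMP, so please confirm the script deletes the directory on every exit path, for example with trap 'rm -rf "$TMP"' EXIT set right after this check, now that the files land in a shared location instead of the user's home.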
- --- a/src/clevis-encrypt-tpm2
- +++ b/src/clevis-encrypt-tpm2
- @@ -92,7 +92,7 @@
- exit 1
- fi
-
- -if ! TMP=`mktemp -d -p ~`; then
- +if ! TMP=`mktemp -d`; then
- echo "Creating a temporary dir for TPM files failed!" >&2
- exit 1
- fi
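Review bot: The failure message in clevis-encrypt-tpm2 no longer gives enough to diagnose the error: after this change the parent directory is implicit, so "Creating a temporary dir for TPM files failed!" does not tell the user which path was tried. Consider including ${TMPDIR:-/tmp} in the message. As a style point, since this line is being touched anyway, TMP=$(mktemp -d) is preferable to backticks, and the same edit is duplicated verbatim in both scripts, which suggests a small shared helper would keep the two in sync.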