From dce4a1a022ab8874f33bb031c5da182bca4645a2 Mon Sep 17 00:00:00 2001
From: Rob Crittenden
Date: Fri, 14 Jul 2023 09:35:51 -0400
Subject: [PATCH] Create temporary files to be shared between uses in /tmp
Some commands need to be executed as the pki user and not root to retain filesystem permissions. There are a few places where passwords are written to files as root to be passed into commands executed by pkiuser. If a private temporary directory is set before pkispawn is called then this method for sharing passwords between users will not work because the file will be unreadable. So force these calls to use /tmp directly instead of the private temporary directory.
Fixes: https://github.com/dogtagpki/pki/issues/4475
Signed-off-by: Rob Crittenden
---
 base/common/python/pki/nssdb.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/base/common/python/pki/nssdb.py b/base/common/python/pki/nssdb.py
index 563455354a9..fb9b9672e9a 100644
--- a/base/common/python/pki/nssdb.py
+++ b/base/common/python/pki/nssdb.py
@@ -370,7 +370,7 @@ def get_password_file(self, tmpdir, token, filename=None,
 filename)
 def create_tmpdir(self):
- tmpdir = tempfile.mkdtemp()
+ tmpdir = tempfile.mkdtemp(dir='/tmp')
 if self.user:
 os.chown(tmpdir, self.uid, self.gid)
 return tmpdir
@@ -1742,7 +1742,7 @@ def __create_cert(
 if aia_ext:
 self.__create_aia_ext(exts, aia_ext)
- tmpdir = tempfile.mkdtemp()
+ tmpdir = tempfile.mkdtemp(dir='/tmp')
 try:
 if exts:
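Review bot: The hard-coded `dir='/tmp'` in `create_tmpdir`, and again in `__create_cert`, deliberately moves password files out of any caller-selected private temporary directory into the shared /tmp, yet the code carries no comment saying so. The rationale lives only in the commit message, so a later cleanup could revert it or copy the pattern where it is not needed. `mkdtemp` still creates the directory with mode 0700 under an unpredictable name, so confidentiality now rests on that mode plus the `os.chown` that follows; both call sites should say this, e.g. `# Shared with self.user: must live in the global /tmp, not a private TMPDIR; mkdtemp keeps it 0700.` The `__create_cert` hunk shows no chown after the new `mkdtemp` call and the function continues outside the hunk, so it is worth confirming that the directory is handed to the pki user and removed on every exit path there. A single module-level constant for the path would also keep the two call sites from drifting apart.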