A malicious user can clobber any file due to insecure tmp file handling. Example:
```
pi@raspberrypi ~ $ ln -s /etc/passwd /tmp/updateScript.sh
pi@raspberrypi ~ $ sudo rpi-update
...
pi@raspberrypi ~ $ cat /etc/passwd
#!/bin/bash
if mv "./testfile.sh.tmp" "./testfile.sh"; then
rm -- "$0"
exec env UPDATE_SELF=0 /bin/bash "./testfile.sh" ""
else
echo " !!! Failed!"
fi
```
As of this point, the pi is quite unusable.
As there are already references in the code to data stored in the root user's home directory, I have replicated that configuration in this patch.
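
The failure mode in the report above, reproduced inside a throwaway sandbox beside one hardened alternative. This is an added example, not code from this pull request or from rpi-update: `stage_unsafe`, `stage_safe`, `demo` and every sandbox path are hypothetical names, and the hardening shown is a private `mktemp -d` directory rather than the root-home location the patch uses.

```shell
#!/bin/bash
# Added example, not rpi-update code. Everything happens inside a constructed
# sandbox: "$sandbox/tmp" stands in for /tmp, "$sandbox/victim" for /etc/passwd.

# Unsafe: fixed, predictable name in a shared directory. The ">" redirection
# follows whatever already sits at that path, including a planted symlink.
stage_unsafe() {    # $1 = shared dir, $2 = content
    printf '%s\n' "$2" > "$1/updateScript.sh"
}

# Hardened: mktemp -d creates a new mode-0700 directory with a random suffix
# (it fails instead of reusing an existing name), so nobody else can pre-plant
# a link inside it. "set -C" (noclobber) additionally makes the redirection
# fail rather than overwrite an existing file.
stage_safe() {      # $1 = base dir, $2 = content; prints the staged file path
    stage_dir=$(mktemp -d "$1/rpi-update.XXXXXXXX") || return 1
    ( set -C; printf '%s\n' "$2" > "$stage_dir/updateScript.sh" ) || return 1
    printf '%s\n' "$stage_dir/updateScript.sh"
}

demo() {
    sandbox=$(mktemp -d) || return 1
    mkdir "$sandbox/tmp"
    printf 'root:x:0:0\n' > "$sandbox/victim"
    # Constructed stand-in for the link planted in the report.
    ln -s "$sandbox/victim" "$sandbox/tmp/updateScript.sh"

    stage_unsafe "$sandbox/tmp" '#!/bin/bash'
    unsafe_victim=$(cat "$sandbox/victim")       # overwritten through the link

    printf 'root:x:0:0\n' > "$sandbox/victim"    # restore, then retry safely
    staged=$(stage_safe "$sandbox/tmp" '#!/bin/bash') || return 1
    safe_victim=$(cat "$sandbox/victim")         # untouched
    staged_body=$(cat "$staged")

    rm -rf "$sandbox"
    printf 'unsafe=%s safe=%s staged=%s\n' "$unsafe_victim" "$safe_victim" "$staged_body"
}

demo
```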