Merge pull request #194 from throwaway96/renew-script-temp-dir-20240217

Address race condition in renew-script.sh

src/app/info/renew-script/renew-script.sh

@@ -1,19 +1,31 @@
 #!/bin/sh
 
+# WARNING: Do not run this as root!
+# If $SESSION_TOKEN_CACHE is a symlink, its target wil be overwritten.
+
 DEVICE_NAME='{{device.name}}'
 DEVICE_HOST='{{device.host}}'
 DEVICE_PORT='{{device.port}}'
 DEVICE_USERNAME='{{device.username}}'
 DEVICE_PASSPHRASE='{{device.passphrase}}'
 
-PRIV_KEY_FILE="/tmp/webos_privkey_${DEVICE_NAME}"
+umask 077
+
+if ! TEMP_KEY_DIR="$(mktemp -d)"; then
+    echo "Failed to create random temporary directory for key; using fallback" >&2
+    TEMP_KEY_DIR="/tmp/renew-script.$$"
+    if ! mkdir "${TEMP_KEY_DIR}"; then
+        echo "Fallback temporary directory ${TEMP_KEY_DIR} already exists" >&2
+        exit 1
+    fi
+fi
+
+PRIV_KEY_FILE="${TEMP_KEY_DIR}/webos_privkey_${DEVICE_NAME}"
 
 cat >"${PRIV_KEY_FILE}" <<END_OF_PRIVKEY
 {{keyContent}}
 END_OF_PRIVKEY
 
-chmod 600 "${PRIV_KEY_FILE}"
-
 if [ -n "${DEVICE_PASSPHRASE}" ]; then
   ssh-keygen -p -P "${DEVICE_PASSPHRASE}" -N '' -f "${PRIV_KEY_FILE}"
 fi
@@ -25,6 +37,8 @@ SESSION_TOKEN=$(ssh -i "${PRIV_KEY_FILE}" \
   -p "${DEVICE_PORT}" "${DEVICE_USERNAME}@${DEVICE_HOST}" \
   cat /var/luna/preferences/devmode_enabled)
 
+rm -rf "${TEMP_KEY_DIR}"
+
 SESSION_TOKEN_CACHE="/tmp/webos_devmode_token_${DEVICE_NAME}.txt"
 
 if [ -z "$SESSION_TOKEN" ]; then