From e274e4bbca290c75ac7d9ff0c4feaee4e9559bfb Mon Sep 17 00:00:00 2001
From: Rob Crittenden
Date: Fri, 14 Jul 2023 09:35:51 -0400
Subject: [PATCH] Create temporary files to be shared between uses in /tmp
Some commands need to be executed as the pki user and not root to retain filesystem permissions. There are a few places where passwords are written to files as root to be passed into commands executed by pkiuser. If a private temporary directory is set before pkispawn is called then this method for sharing passwords between users will not work because the file will be unreadable. So force these calls to use /tmp directly instead of the private temporary directory.
Fixes: https://github.com/dogtagpki/pki/issues/4475
Signed-off-by: Rob Crittenden
---
 base/common/python/pki/nssdb.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/base/common/python/pki/nssdb.py b/base/common/python/pki/nssdb.py
index d12959c0559..da863cf79ec 100644
--- a/base/common/python/pki/nssdb.py
+++ b/base/common/python/pki/nssdb.py
@@ -361,7 +361,7 @@ def get_password_file(self, tmpdir, token, filename=None,
 filename)
 def create_tmpdir(self):
- tmpdir = tempfile.mkdtemp()
+ tmpdir = tempfile.mkdtemp(dir='/tmp')
 if self.user:
 os.chown(tmpdir, self.uid, self.gid)
 return tmpdir
@@ -1724,7 +1724,7 @@ def __create_cert(
 if aia_ext:
 self.__create_aia_ext(exts, aia_ext)
- tmpdir = tempfile.mkdtemp()
+ tmpdir = tempfile.mkdtemp(dir='/tmp')
 try:
 if exts:
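Review bot: The literal `'/tmp'` in `create_tmpdir` (and again in the `__create_cert` hunk) carries no comment, so nothing in the code says why `TMPDIR` and a private temporary directory are deliberately bypassed. These directories hold password files and now always sit in the shared system `/tmp`, so their protection rests on `mkdtemp` creating them owner-only and on every caller removing them afterwards. I would add above the call `# Use the system /tmp, not $TMPDIR: the pki user must be able to reach password files written here by root (issue 4475); mkdtemp keeps the directory owner-only.` Separately, if `os.chown` raises, the freshly created directory is left behind in `/tmp`; removing it before re-raising would avoid that.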
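Review bot: `__create_cert` calls `tempfile.mkdtemp(dir='/tmp')` directly instead of `self.create_tmpdir()`, so this directory is not handed to `self.uid`/`self.gid` the way the one in the first hunk is. If any command in the `try` block runs as the pki user, it presumably still cannot enter a directory that only its creator can access, wherever that directory lives. If everything here runs as the creating user, the move to `/tmp` may not be needed at this site. The rest of `__create_cert` lies outside the hunk, so this needs checking against the full function; if the chown is wanted, `tmpdir = self.create_tmpdir()` would cover it and keep the path choice in one place.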