From: Bernd Eckenfels <ecki@debian.org>
Date: Sun, 15 Jun 2008 16:52:11 +0200
Subject: [PATCH] Fix insecure temp file

From Debian changelog, version 0.71-6: SECURITY: fixed insecure temp
file creation/deletion reported by Stefan Nordhausen. This is
net-acct-notempfiles.patch from Sep 2 2004 (Closes: Bug #270359)
(simply remove the code)
---
 src/process.c |   17 -----------------
 1 files changed, 0 insertions(+), 17 deletions(-)

diff --git a/src/process.c b/src/process.c
index e926682..5b6ec2b 100644
--- a/src/process.c
+++ b/src/process.c
@@ -397,7 +397,6 @@ void WAIT_CHILD(void)
 void write_list(void)
 {
     FILE *f;
-    char tmpn[255];
     int i;
 
     while( (writepid = fork()) < 0) sleep(1);
@@ -410,9 +409,6 @@ void write_list(void)
 
     DEBUG(DBG_STATE, sprintf(dbg, "write child: synchronized with parent\n"));
 
-    sprintf(tmpn, "/tmp/nacctd.write.%d", (int) getpid());
-    creat(tmpn, S_IRUSR);
-
     openlog("nacctd (write)", 0, LOG_DAEMON);
 
     DEBUG(DBG_STATE, sprintf(dbg, "* write process %d forked\n", (int) getpid()));
@@ -420,14 +416,12 @@ void write_list(void)
     f = fopen(cfg->filename, "a");
     if(f==NULL)
 	{
-	    unlink(tmpn);
 	    syslog(LOG_ERR, "error opening file %s: %m\n",cfg->filename);
 	    exit(1);
 	}
 
     if(do_write_list(f, olist) != 0)
 	{
-	    unlink(tmpn);
 	    syslog(LOG_ERR, "error writing to file %s: %m\n", cfg->filename);
 	    exit(1);
 	}
@@ -436,8 +430,6 @@ void write_list(void)
     for (i=0; i < HASH_SIZE; i++) 
        olist[i] = NULL;
 
-    unlink(tmpn);
-
     DEBUG(DBG_STATE, sprintf(dbg, "* write finished, count = %ld\n", olistsize));
 
     exit(0);
@@ -446,7 +438,6 @@ void write_list(void)
 void dump_curr_list(void)
 {
     FILE *f;
-    char tmpn[255];
     int i;
 
     while( (dumppid = fork()) < 0) sleep(1);
@@ -459,16 +450,12 @@ void dump_curr_list(void)
 
     /* Here goes the child */
 
-    sprintf(tmpn, "/tmp/nacctd.dump.%d", (int) getpid());
-    creat(tmpn, S_IRUSR);
-
     openlog("nacctd (dump)", 0, LOG_DAEMON);
 
     DEBUG(DBG_STATE, sprintf(dbg, "* dump process %d forked\n", (int) getpid()));
 
     if(plistsize == 0)
 	{
-	    unlink(tmpn);
 	    unlink(cfg->dumpname);
 	    DEBUG(DBG_STATE, sprintf(dbg, "* dump finished, dump empty\n"));
 	    exit(0);
@@ -477,14 +464,12 @@ void dump_curr_list(void)
     f = fopen(cfg->dumpname, "w");
     if(f==NULL)
 	{
-	    unlink(tmpn);
 	    syslog(LOG_ERR, "error opening file %s: %m\n",cfg->dumpname);
 	    exit(1);
 	}
 
     if(do_write_list(f, plist) != 0)
 	{
-	    unlink(tmpn);
 	    syslog(LOG_ERR, "error writing to file %s: %m\n", cfg->dumpname);
 	    exit(1);
 	}
@@ -492,8 +477,6 @@ void dump_curr_list(void)
     for (i=0; i < HASH_SIZE; i++) 
        plist[i] = NULL;
 
-    unlink(tmpn);
-
     DEBUG(DBG_STATE, sprintf(dbg, "* dump finished, count = %ld\n", plistsize));
 
     exit(0);
--