Create temporary files to be shared between uses in /tmp

Some commands need to be executed as the pki user and not root to retain filesystem permissions. There are a few places where passwords are written to files as root to be passed into commands executed by pkiuser. If a private temporary directory is set before pkispawn is called then this method for sharing passwords between users will not work because the file will be unreadable. So force these calls to use /tmp directly instead of the private temporary directory. Fixes: #4475 Signed-off-by: Rob Crittenden <[email protected]>
dogtagpki · Jul 14, 2023 · e274e4b · e274e4b
1 parent d7c0e62
commit e274e4b
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/base/common/python/pki/nssdb.py b/base/common/python/pki/nssdb.py
@@ -361,7 +361,7 @@ def get_password_file(self, tmpdir, token, filename=None,
             filename)
 
     def create_tmpdir(self):
-        tmpdir = tempfile.mkdtemp()
+        tmpdir = tempfile.mkdtemp(dir='/tmp')
         if self.user:
             os.chown(tmpdir, self.uid, self.gid)
         return tmpdir
@@ -1724,7 +1724,7 @@ def __create_cert(
         if aia_ext:
             self.__create_aia_ext(exts, aia_ext)
 
-        tmpdir = tempfile.mkdtemp()
+        tmpdir = tempfile.mkdtemp(dir='/tmp')
 
         try:
             if exts: