[packages/openl2tp.git] / openl2tp-setkey.patch

--- openl2tp-1.8/plugins/ipsec.c.orig	2010-01-18 10:00:08.000000000 +0100
+++ openl2tp-1.8/plugins/ipsec.c	2011-11-26 17:34:54.000000000 +0100
@@ -31,8 +31,9 @@
 #include "usl.h"
 #include "l2tp_private.h"
 
-#define IPSEC_SETKEY_CMD	"/sbin/setkey"
-#define IPSEC_SETKEY_FILE	"/tmp/openl2tpd-tmp"
+#define IPSEC_SETKEY_CMD	"/usr/sbin/setkey"
+// not in /tmp to prevent symlink attack
+#define IPSEC_SETKEY_FILE	"/var/run/openl2tp/setkey-tmp"
 #define IPSEC_SETKEY_ACTION	IPSEC_SETKEY_CMD " -f " IPSEC_SETKEY_FILE
 
 /* We keep a list of every SPD entry that we install */
Commit	Line	Data
a6bc4aa2 JK	1	--- openl2tp-1.8/plugins/ipsec.c.orig 2010-01-18 10:00:08.000000000 +0100
	2	+++ openl2tp-1.8/plugins/ipsec.c 2011-11-26 17:34:54.000000000 +0100
	3	@@ -31,8 +31,9 @@
	4	#include "usl.h"
	5	#include "l2tp_private.h"
	6
	7	-#define IPSEC_SETKEY_CMD "/sbin/setkey"
	8	-#define IPSEC_SETKEY_FILE "/tmp/openl2tpd-tmp"
	9	+#define IPSEC_SETKEY_CMD "/usr/sbin/setkey"
	10	+// not in /tmp to prevent symlink attack
	11	+#define IPSEC_SETKEY_FILE "/var/run/openl2tp/setkey-tmp"
	12	#define IPSEC_SETKEY_ACTION IPSEC_SETKEY_CMD " -f " IPSEC_SETKEY_FILE
	13
	14	/* We keep a list of every SPD entry that we install */