SECURITY:

Jeroen van Wolffelaar <jeroen@wolffelaar.nl> discovered an
insecure temporary file vulnerability in the mysqlhotcopy
script when using the scp method.

ok naddy, brad, pvalchev

databases/mysql/patches/patch-scripts_mysqlhotcopy_sh

@@ -0,0 +1,50 @@
+$OpenBSD: patch-scripts_mysqlhotcopy_sh,v 1.1 2004/08/20 09:21:19 robert Exp $
+--- scripts/mysqlhotcopy.sh.orig	Fri May 14 02:53:38 2004
++++ scripts/mysqlhotcopy.sh	Fri Aug 20 01:21:57 2004
+@@ -7,6 +7,7 @@
+ use File::Path;
+ use DBI;
+ use Sys::Hostname;
++use File::Temp;
+ 
+ =head1 NAME
+ 
+@@ -610,7 +611,6 @@
+ sub copy_index
+ {
+   my ($method, $files, $source, $target) = @_;
+-  my $tmpfile="$opt_tmpdir/mysqlhotcopy$$";
+   
+   print "Copying indices for ".@$files." files...\n" unless $opt{quiet};  
+   foreach my $file (@$files)
+@@ -636,23 +636,23 @@
+       }
+       close OUTPUT	   || die "Error on close of $to: $!\n";
+     }
+-    elsif ($opt{method} eq 'scp')
++    elsif ($opt{method} =~ /^scp\b/)
+     {
+-      my $tmp=$tmpfile;
+-      open(OUTPUT,">$tmp") || die "Can\'t create file $tmp: $!\n";
+-      if (syswrite(OUTPUT,$buff) != length($buff))
++      my ($fh, $tmp)=tempfile('mysqlhotcopy-XXXXXX', DIR => $opt_tmpdir);
++      die "Can\'t create/open file in $opt_tmpdir\n" unless defined $fh;
++      if (syswrite($fh,$buff) != length($buff))
+       {
+ 	die "Error when writing data to $tmp: $!\n";
+       }
+-      close OUTPUT	     || die "Error on close of $tmp: $!\n";
+-      safe_system("scp $tmp $to");
++      close $fh || die "Error on close of $tmp: $!\n";
++      safe_system("$opt{method} $tmp $to");
++      unlink $tmp;
+     }
+     else
+     {
+       die "Can't use unsupported method '$opt{method}'\n";
+     }
+   }
+-  unlink "$tmpfile" if  ($opt{method} eq 'scp');
+ }
+ 
+