[pve-devel] [PATCH pve-cluster v2 3/3] Create temporary CSR file in /run instead of /tmp
Arthur Bied-Charreton
a.bied-charreton at proxmox.com
Mon Jan 26 10:55:47 CET 2026
Creating temp files in a world-writable directory such as /tmp could expose
the config generation to symlink races. Use /run directory instead.
As suggested here:
https://lore.proxmox.com/pve-devel/20260123195300.0ae7fcc9@rosa.proxmox.com/T/#t
Suggested-by: Stoiko Ivanov <s.ivanov at proxmox.com>
Signed-off-by: Arthur Bied-Charreton <a.bied-charreton at proxmox.com>
---
src/PVE/Cluster/Setup.pm | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/PVE/Cluster/Setup.pm b/src/PVE/Cluster/Setup.pm
index b9cacfd..5ed85ad 100644
--- a/src/PVE/Cluster/Setup.pm
+++ b/src/PVE/Cluster/Setup.pm
@@ -504,7 +504,7 @@ sub gen_pve_ssl_cert {
$names .= ",DNS:$fqdn";
}
- my $reqfn = "/tmp/pvecertreq-$$.tmp";
+ my $reqfn = "/run/pvecertreq-$$.tmp";
unlink $reqfn;
my $pvessl_key_fn = "$pmxcfs_base_dir/nodes/$nodename/pve-ssl.key";
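Review bot: The name in `my $reqfn = "/run/pvecertreq-$$.tmp";` is still predictable (PID-derived) and is still followed by `unlink $reqfn;`, so the protection here rests entirely on /run not being writable by unprivileged users, not on how the file is created. Consider creating the request file with an unpredictable name and exclusive-create semantics, for example through File::Temp with DIR pointing at /run, which would also make the preceding unlink unnecessary. A short comment next to the assignment saying why /run is used instead of /tmp would help keep the path from being changed back later. The visible context does not show where $reqfn is removed; it is worth confirming that it is cleaned up on error paths as well, so stale request files do not accumulate in /run.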
--
2.47.3