File tmon-predictable-temporary-path-var-log-tmon.log.patch of Package tmon

From: Thomas Renninger <trenn@suse.de>
Subject: tmon: predictable temporary path /var/log/tmon.log
References: bsc#1225511
Patch-Mainline: 
Git-commit: 995c08192244a427b9584a41576fda4506b65d7d


tmon only runs as root and logs event to /var/tmp/tmon.log
If fs.protected_symlinks=0, an unprivileged user can overwrite
arbitrary files on the system.

nobody@localhost:/var/tmp> ln -s /test/shadow tmon.log
root@localhost:/> tmon -l

Reported-by: Wolfgang Fritsch <wolfgang.frisch@suse.com>
Signed-off-by: Thomas Renninger <trenn@suse.com>


Signed-off-by:  <trenn@suse.de>
diff --git a/tmon.c b/tmon.c
index 7eb3216a27f4..9faf5a8c606c 100644
--- a/tmon.c
+++ b/tmon.c
@@ -53,7 +53,7 @@ void usage(void)
 	printf("  -d, --daemon          run as daemon, no TUI\n");
 	printf("  -g, --debug           debug message in syslog\n");
 	printf("  -h, --help            show this help message\n");
-	printf("  -l, --log             log data to /var/tmp/tmon.log\n");
+	printf("  -l, --log             log data to /var/log/tmon.log\n");
 	printf("  -t, --time-interval   sampling time interval, > 1 sec.\n");
 	printf("  -T, --target-temp     initial target temperature\n");
 	printf("  -v, --version         show version\n");
@@ -250,7 +250,7 @@ int main(int argc, char **argv)
 			target_temp_user = temp;
 			break;
 		case 'l':
-			printf("Logging data to /var/tmp/tmon.log\n");
+			printf("Logging data to /var/log/tmon.log\n");
 			logging = 1;
 			break;
 		case 'h':
diff --git a/tmon.h b/tmon.h
index 44d16d778f04..eba988e98ae6 100644
--- a/tmon.h
+++ b/tmon.h
@@ -25,7 +25,7 @@
  */
 #define DATA_LEFT_ALIGN 10
 #define NR_LINES_TZDATA 1
-#define TMON_LOG_FILE "/var/tmp/tmon.log"
+#define TMON_LOG_FILE "/var/log/tmon.log"
 
 #include <sys/time.h>
 #include <pthread.h>