From 46821fe6d86a1f1a338a9fa4da87ab698cb4fb1b Mon Sep 17 00:00:00 2001 From: RagavRida Date: Fri, 24 Apr 2026 00:06:39 +0530 Subject: [PATCH] fix(telemetry-sync): drop predictable $$ tmp-file fallback MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit gstack-telemetry-sync tried 'mktemp /tmp/gstack-sync-XXXXXX' and on failure fell back to '/tmp/gstack-sync-$$'. $$ is the PID — predictable and reusable, so on shared hosts another user can pre-create or symlink the path and either steal the response body or clobber an unrelated file when curl writes through it. Drop the fallback. If mktemp cannot produce a unique file we just skip this sync cycle — the events stay on disk and the next run picks them up. Also install an EXIT trap so the response file is cleaned up on unexpected exit, not just on the happy path.
---
 bin/gstack-telemetry-sync | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/bin/gstack-telemetry-sync b/bin/gstack-telemetry-sync
index 93cf2707a..20f322043 100755
--- a/bin/gstack-telemetry-sync
+++ b/bin/gstack-telemetry-sync
@@ -107,7 +107,13 @@ BATCH="$BATCH]"
 [ "$COUNT" -eq 0 ] && exit 0
 # ─── POST to edge function ───────────────────────────────────
-RESP_FILE="$(mktemp /tmp/gstack-sync-XXXXXX 2>/dev/null || echo "/tmp/gstack-sync-$$")"
+# Create response file atomically. If mktemp fails, refuse to continue rather
+# than fall back to a predictable $$-based path (race + overwrite footgun).
+RESP_FILE="$(mktemp "${TMPDIR:-/tmp}/gstack-sync-XXXXXX")" || {
+ echo "gstack-telemetry-sync: mktemp failed — skipping this run" >&2
+ exit 0
+}
+trap 'rm -f "$RESP_FILE"' EXIT
 HTTP_CODE="$(curl -s -w '%{http_code}' --max-time 10 \
 -X POST "${SUPABASE_URL}/functions/v1/telemetry-ingest" \
 -H "Content-Type: application/json" \
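Review bot: The `trap 'rm -f "$RESP_FILE"' EXIT` added after the mktemp guard replaces any EXIT trap installed earlier in the script, and the lines above 107 are outside this hunk, so confirm none exists or fold this cleanup into it. If the script runs under a POSIX `sh` such as dash rather than bash (the shebang is not visible here), the EXIT trap does not fire when a signal kills the shell during the 10-second curl call, so the response file would still be left behind; adding `trap 'exit 1' HUP INT TERM` beside it routes those signals through the EXIT handler. The template now honors `TMPDIR`, which the commit message does not mention: a caller-supplied value decides where the response body lands, so I would write the cleanup as `rm -f -- "$RESP_FILE"` and extend the comment to say `TMPDIR` must be a directory in which other users cannot rename or delete entries (sticky or private). The curl command continues past the end of the hunk.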