From: Bart Schaefer <schaefer@brasslantern.com>
To: zsh-workers@zsh.org
Subject: Re: [PATCH] Re: Insecure tempfile creation
Date: Sun, 28 Dec 2014 00:41:01 -0800 [thread overview]
Message-ID: <141228004101.ZM28486@torch.brasslantern.com> (raw)
In-Reply-To: <141227234421.ZM16038@torch.brasslantern.com>
On Dec 27, 11:44pm, Bart Schaefer wrote:
}
} I suppose =(<<<'') would actually be better, since it won't fork. Hm.
}
} This patch does not yet tackle uses of "/tmp" that do not use $TMPPREFIX
Fortunately I didn't find any of the latter except for the previously
identified one in _cvs (_cvs_run). So the patch below changes the use
of =(:) to =(<<<'') and repairs _cvs_run to create the temp directory
in a safe (I hope) manner. Apply on top of 34067.
diff --git a/Completion/Base/Widget/_complete_debug b/Completion/Base/Widget/_complete_debug
index 00f600e..50fc809 100644
--- a/Completion/Base/Widget/_complete_debug
+++ b/Completion/Base/Widget/_complete_debug
@@ -9,7 +9,7 @@ local pager w="${(qq)words}"
integer debug_fd=-1
{
if [[ -t 2 ]]; then
- mv -f =(:) $tmp &&
+ mv -f =(<<<'') $tmp &&
exec {debug_fd}>&2 2>| $tmp
fi
diff --git a/Completion/Unix/Command/_cvs b/Completion/Unix/Command/_cvs
index 3c06e04..31997ec 100644
--- a/Completion/Unix/Command/_cvs
+++ b/Completion/Unix/Command/_cvs
@@ -704,15 +704,18 @@ _cvs_sub_modules() {
_cvs_run() {
local cvsroot="$1" dir="$2"
shift 2
- local d=/tmp/zsh-cvs-work-$$
- mkdir $d >&/dev/null
- cd $d
- mkdir CVS >&/dev/null
+ local d=${TMPPREFIX:-/tmp/zsh}-cvs-work-$$
+ rm -rf $d
+ mkdir $d &&
+ (
+ chmod 0700 $d &&
+ builtin cd -q $d &&
+ mkdir CVS >&/dev/null || return 1
print -r - "$cvsroot" > CVS/Root
print "$dir" > CVS/Repository
print D > CVS/Entries
CVS_IGNORE_REMOTE_ROOT= cvs "$@"
- cd $OLDPWD
+ )
rm -rf $d
}
diff --git a/Completion/compinstall b/Completion/compinstall
index 7d34ee4..ae94993 100644
--- a/Completion/compinstall
+++ b/Completion/compinstall
@@ -1958,8 +1958,8 @@ if [[ -z $ifile || -d $ifile ]] ||
fi
local tmpout=${TMPPREFIX:-/tmp/zsh}compinstall$$
-mv -f =(:) $tmpout && # safe tempfile creation
-mv -f =(:) ${tmpout}x || return 1
+mv -f =(<<<'') $tmpout && # safe tempfile creation
+mv -f =(<<<'') ${tmpout}x || return 1
#
# Assemble the complete set of lines to
diff --git a/Functions/Calendar/calendar b/Functions/Calendar/calendar
index 08c4250..39fc431 100644
--- a/Functions/Calendar/calendar
+++ b/Functions/Calendar/calendar
@@ -254,7 +254,7 @@ if (( verbose )); then
fi
local mycmds="${TMPPREFIX:-/tmp/zsh}.calendar_cmds.$$"
-mv -f =(:) $mycmds
+mv -f =(<<<'') $mycmds
# start of subshell for OS file locking
(
diff --git a/Functions/Zftp/zfcd_match b/Functions/Zftp/zfcd_match
index 2c809c2..9159f49 100644
--- a/Functions/Zftp/zfcd_match
+++ b/Functions/Zftp/zfcd_match
@@ -29,7 +29,7 @@ if [[ $ZFTP_SYSTEM = UNIX* ]]; then
# () {
# zftp ls -LF $dir >|$1
# reply=($(awk '/\/$/ { print substr($1, 1, length($1)-1) }' $1))
-# } =(:)
+# } =(<<<'')
[[ -n $dir && $dir != */ ]] && dir="$dir/"
if [[ -n $WIDGET ]]; then
_wanted directories expl 'remote directory' \
diff --git a/Functions/Zftp/zfcget b/Functions/Zftp/zfcget
index 4359801..569ee9d 100644
--- a/Functions/Zftp/zfcget
+++ b/Functions/Zftp/zfcget
@@ -43,7 +43,7 @@ for remlist in $*; do
zftp remote $rem >|$1
rstat=$?
remst=($(<$1))
- } =(: temporary file)
+ } =(<<<'temporary file')
if [[ $rstat = 2 ]]; then
print "Server does not support SIZE command.\n" \
"Assuming you know what you're doing..." 2>&1
diff --git a/Functions/Zftp/zfcput b/Functions/Zftp/zfcput
index 2cf8fe2..eafecde 100644
--- a/Functions/Zftp/zfcput
+++ b/Functions/Zftp/zfcput
@@ -43,7 +43,7 @@ for loc in $*; do
zftp remote $rem >|$1
rstat=$?
remst=($(<$1))
- } =(: temporary file)
+ } =(<<<'temporary file')
if [[ $rstat = 2 ]]; then
print "Server does not support remote status commands.\n" \
"You will have to find out the size by hand and use zftp append." 2>&1
diff --git a/Functions/Zftp/zfget_match b/Functions/Zftp/zfget_match
index c2871fa..3ba06c4 100644
--- a/Functions/Zftp/zfget_match
+++ b/Functions/Zftp/zfget_match
@@ -10,7 +10,7 @@ fi
if [[ $ZFTP_SYSTEM == UNIX* && $1 == */* ]]; then
setopt localoptions clobber
local tmpf=${TMPPREFIX}zfgm$$
- mv -f =(:) $tmpf
+ mv -f =(<<<'') $tmpf
if [[ -n $WIDGET ]]; then
local dir=${1:h}
diff --git a/Functions/Zftp/zfrglob b/Functions/Zftp/zfrglob
index 5015be7..677b85f 100644
--- a/Functions/Zftp/zfrglob
+++ b/Functions/Zftp/zfrglob
@@ -38,7 +38,7 @@ if [[ $zfrglob != '' ]]; then
() {
zftp ls "$pat" >|$1 2>/dev/null
eval "$1=(\$(<\$1))"
- } =(: temporary file)
+ } =(<<<'temporary file')
else
if [[ $ZFTP_SYSTEM = UNIX* && $pat = */* ]]; then
# not the current directory and we know how to handle paths
@@ -52,7 +52,7 @@ else
() {
zftp ls "$dir" 2>/dev/null >|$1
files=($(<$1))
- } =(: temporary file)
+ } =(<<<'temporary file')
files=(${files:t})
else
# we just have to do an ls and hope that's right
diff --git a/Functions/Zftp/zftransfer b/Functions/Zftp/zftransfer
index 432e2f5..c97ae46 100644
--- a/Functions/Zftp/zftransfer
+++ b/Functions/Zftp/zftransfer
@@ -47,7 +47,7 @@ if [[ -n $style && $style != none ]]; then
() {
zftp remote $file1 >|$1 2>/dev/null
array=($(<$1))
- } =(: temporary file)
+ } =(<<<'temporary file')
[[ $#array -eq 2 ]] && ZFTP_TSIZE=$array[1]
fi
diff --git a/Functions/Zftp/zfuget b/Functions/Zftp/zfuget
index 7bdaedc..2850975 100644
--- a/Functions/Zftp/zfuget
+++ b/Functions/Zftp/zfuget
@@ -72,7 +72,7 @@ for remlist in $*; do
zftp remote $rem >|$1
rstat=$?
remstats=($(<$1))
- } =(: temporary file)
+ } =(<<<'temporary file')
if [[ $rstat = 2 ]]; then
print "Server does not implement full command set required." 1>&2
return 1
diff --git a/Functions/Zftp/zfuput b/Functions/Zftp/zfuput
index 24a3559..f4e6a0f 100644
--- a/Functions/Zftp/zfuput
+++ b/Functions/Zftp/zfuput
@@ -58,7 +58,7 @@ for rem in $*; do
zftp remote $rem >|$1
rstat=$?
remstats=($(<$1))
- } =(: temporary file)
+ } =(<<<'temporary file')
if [[ $rstat = 2 ]]; then
print "Server does not implement full command set required." 1>&2
return 1
next prev parent reply other threads:[~2014-12-28 8:41 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-12-22 20:36 Daniel Shahaf
2014-12-22 22:01 ` Mikael Magnusson
2014-12-23 2:07 ` Bart Schaefer
2014-12-28 6:30 ` Bart Schaefer
2014-12-28 7:44 ` [PATCH] " Bart Schaefer
2014-12-28 8:41 ` Bart Schaefer [this message]
2014-12-29 0:49 ` Daniel Shahaf
2014-12-29 4:01 ` Bart Schaefer
2015-01-07 22:03 ` Daniel Shahaf
2015-01-08 6:22 ` Bart Schaefer
2015-01-08 6:48 ` Danek Duvall
2015-01-08 8:08 ` Bart Schaefer
2015-01-08 14:10 ` Daniel Shahaf
2015-01-08 14:24 ` Peter Stephenson
2015-01-08 16:35 ` Ray Andrews
2015-01-08 17:40 ` Peter Stephenson
2015-01-09 2:51 ` Mikael Magnusson
2015-01-09 9:02 ` Peter Stephenson
2015-01-09 12:51 ` Peter Stephenson
2015-01-09 13:35 ` Peter Stephenson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=141228004101.ZM28486@torch.brasslantern.com \
--to=schaefer@brasslantern.com \
--cc=zsh-workers@zsh.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.vuxu.org/mirror/zsh/
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).