From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 17876 invoked by alias); 28 Dec 2014 08:41:23 -0000 Mailing-List: contact zsh-workers-help@zsh.org; run by ezmlm Precedence: bulk X-No-Archive: yes List-Id: Zsh Workers List List-Post: List-Help: X-Seq: 34068 Received: (qmail 1288 invoked from network); 28 Dec 2014 08:41:08 -0000 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on f.primenet.com.au X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.2 X-CMAE-Score: 0 X-CMAE-Analysis: v=2.1 cv=B94OC1pJ c=1 sm=1 tr=0 a=FT8er97JFeGWzr5TCOCO5w==:117 a=kj9zAlcOel0A:10 a=q2GGsy2AAAAA:8 a=oR5dmqMzAAAA:8 a=-9mUelKeXuEA:10 a=A92cGCtB03wA:10 a=mNvtPl-X9g8LYaIcH4gA:9 a=bjjzL851wFURDB-1:21 a=lkX-BmraaKcBgFRt:21 a=CjuIK1q_8ugA:10 From: Bart Schaefer Message-id: <141228004101.ZM28486@torch.brasslantern.com> Date: Sun, 28 Dec 2014 00:41:01 -0800 In-reply-to: <141227234421.ZM16038@torch.brasslantern.com> Comments: In reply to Bart Schaefer "[PATCH] Re: Insecure tempfile creation" (Dec 27, 11:44pm) References: <20141222203624.GA24855@tarsus.local2> <141227223029.ZM15959@torch.brasslantern.com> <141227234421.ZM16038@torch.brasslantern.com> X-Mailer: OpenZMail Classic (0.9.2 24April2005) To: zsh-workers@zsh.org Subject: Re: [PATCH] Re: Insecure tempfile creation MIME-version: 1.0 Content-type: text/plain; charset=us-ascii On Dec 27, 11:44pm, Bart Schaefer wrote: } } I suppose =(<<<'') would actually be better, since it won't fork. Hm. } } This patch does not yet tackle uses of "/tmp" that do not use $TMPPREFIX Fortunately I didn't find any of the latter except for the previously identified one in _cvs (_cvs_run). So the patch below changes the use of =(:) to =(<<<'') and repairs _cvs_run to create the temp directory in a safe (I hope) manner. Apply on top of 34067. diff --git a/Completion/Base/Widget/_complete_debug b/Completion/Base/Widget/_complete_debug index 00f600e..50fc809 100644 --- a/Completion/Base/Widget/_complete_debug +++ b/Completion/Base/Widget/_complete_debug @@ -9,7 +9,7 @@ local pager w="${(qq)words}" integer debug_fd=-1 { if [[ -t 2 ]]; then - mv -f =(:) $tmp && + mv -f =(<<<'') $tmp && exec {debug_fd}>&2 2>| $tmp fi diff --git a/Completion/Unix/Command/_cvs b/Completion/Unix/Command/_cvs index 3c06e04..31997ec 100644 --- a/Completion/Unix/Command/_cvs +++ b/Completion/Unix/Command/_cvs @@ -704,15 +704,18 @@ _cvs_sub_modules() { _cvs_run() { local cvsroot="$1" dir="$2" shift 2 - local d=/tmp/zsh-cvs-work-$$ - mkdir $d >&/dev/null - cd $d - mkdir CVS >&/dev/null + local d=${TMPPREFIX:-/tmp/zsh}-cvs-work-$$ + rm -rf $d + mkdir $d && + ( + chmod 0700 $d && + builtin cd -q $d && + mkdir CVS >&/dev/null || return 1 print -r - "$cvsroot" > CVS/Root print "$dir" > CVS/Repository print D > CVS/Entries CVS_IGNORE_REMOTE_ROOT= cvs "$@" - cd $OLDPWD + ) rm -rf $d } diff --git a/Completion/compinstall b/Completion/compinstall index 7d34ee4..ae94993 100644 --- a/Completion/compinstall +++ b/Completion/compinstall @@ -1958,8 +1958,8 @@ if [[ -z $ifile || -d $ifile ]] || fi local tmpout=${TMPPREFIX:-/tmp/zsh}compinstall$$ -mv -f =(:) $tmpout && # safe tempfile creation -mv -f =(:) ${tmpout}x || return 1 +mv -f =(<<<'') $tmpout && # safe tempfile creation +mv -f =(<<<'') ${tmpout}x || return 1 # # Assemble the complete set of lines to diff --git a/Functions/Calendar/calendar b/Functions/Calendar/calendar index 08c4250..39fc431 100644 --- a/Functions/Calendar/calendar +++ b/Functions/Calendar/calendar @@ -254,7 +254,7 @@ if (( verbose )); then fi local mycmds="${TMPPREFIX:-/tmp/zsh}.calendar_cmds.$$" -mv -f =(:) $mycmds +mv -f =(<<<'') $mycmds # start of subshell for OS file locking ( diff --git a/Functions/Zftp/zfcd_match b/Functions/Zftp/zfcd_match index 2c809c2..9159f49 100644 --- a/Functions/Zftp/zfcd_match +++ b/Functions/Zftp/zfcd_match @@ -29,7 +29,7 @@ if [[ $ZFTP_SYSTEM = UNIX* ]]; then # () { # zftp ls -LF $dir >|$1 # reply=($(awk '/\/$/ { print substr($1, 1, length($1)-1) }' $1)) -# } =(:) +# } =(<<<'') [[ -n $dir && $dir != */ ]] && dir="$dir/" if [[ -n $WIDGET ]]; then _wanted directories expl 'remote directory' \ diff --git a/Functions/Zftp/zfcget b/Functions/Zftp/zfcget index 4359801..569ee9d 100644 --- a/Functions/Zftp/zfcget +++ b/Functions/Zftp/zfcget @@ -43,7 +43,7 @@ for remlist in $*; do zftp remote $rem >|$1 rstat=$? remst=($(<$1)) - } =(: temporary file) + } =(<<<'temporary file') if [[ $rstat = 2 ]]; then print "Server does not support SIZE command.\n" \ "Assuming you know what you're doing..." 2>&1 diff --git a/Functions/Zftp/zfcput b/Functions/Zftp/zfcput index 2cf8fe2..eafecde 100644 --- a/Functions/Zftp/zfcput +++ b/Functions/Zftp/zfcput @@ -43,7 +43,7 @@ for loc in $*; do zftp remote $rem >|$1 rstat=$? remst=($(<$1)) - } =(: temporary file) + } =(<<<'temporary file') if [[ $rstat = 2 ]]; then print "Server does not support remote status commands.\n" \ "You will have to find out the size by hand and use zftp append." 2>&1 diff --git a/Functions/Zftp/zfget_match b/Functions/Zftp/zfget_match index c2871fa..3ba06c4 100644 --- a/Functions/Zftp/zfget_match +++ b/Functions/Zftp/zfget_match @@ -10,7 +10,7 @@ fi if [[ $ZFTP_SYSTEM == UNIX* && $1 == */* ]]; then setopt localoptions clobber local tmpf=${TMPPREFIX}zfgm$$ - mv -f =(:) $tmpf + mv -f =(<<<'') $tmpf if [[ -n $WIDGET ]]; then local dir=${1:h} diff --git a/Functions/Zftp/zfrglob b/Functions/Zftp/zfrglob index 5015be7..677b85f 100644 --- a/Functions/Zftp/zfrglob +++ b/Functions/Zftp/zfrglob @@ -38,7 +38,7 @@ if [[ $zfrglob != '' ]]; then () { zftp ls "$pat" >|$1 2>/dev/null eval "$1=(\$(<\$1))" - } =(: temporary file) + } =(<<<'temporary file') else if [[ $ZFTP_SYSTEM = UNIX* && $pat = */* ]]; then # not the current directory and we know how to handle paths @@ -52,7 +52,7 @@ else () { zftp ls "$dir" 2>/dev/null >|$1 files=($(<$1)) - } =(: temporary file) + } =(<<<'temporary file') files=(${files:t}) else # we just have to do an ls and hope that's right diff --git a/Functions/Zftp/zftransfer b/Functions/Zftp/zftransfer index 432e2f5..c97ae46 100644 --- a/Functions/Zftp/zftransfer +++ b/Functions/Zftp/zftransfer @@ -47,7 +47,7 @@ if [[ -n $style && $style != none ]]; then () { zftp remote $file1 >|$1 2>/dev/null array=($(<$1)) - } =(: temporary file) + } =(<<<'temporary file') [[ $#array -eq 2 ]] && ZFTP_TSIZE=$array[1] fi diff --git a/Functions/Zftp/zfuget b/Functions/Zftp/zfuget index 7bdaedc..2850975 100644 --- a/Functions/Zftp/zfuget +++ b/Functions/Zftp/zfuget @@ -72,7 +72,7 @@ for remlist in $*; do zftp remote $rem >|$1 rstat=$? remstats=($(<$1)) - } =(: temporary file) + } =(<<<'temporary file') if [[ $rstat = 2 ]]; then print "Server does not implement full command set required." 1>&2 return 1 diff --git a/Functions/Zftp/zfuput b/Functions/Zftp/zfuput index 24a3559..f4e6a0f 100644 --- a/Functions/Zftp/zfuput +++ b/Functions/Zftp/zfuput @@ -58,7 +58,7 @@ for rem in $*; do zftp remote $rem >|$1 rstat=$? remstats=($(<$1)) - } =(: temporary file) + } =(<<<'temporary file') if [[ $rstat = 2 ]]; then print "Server does not implement full command set required." 1>&2 return 1