From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 25097 invoked by alias); 29 Dec 2014 04:02:00 -0000 Mailing-List: contact zsh-workers-help@zsh.org; run by ezmlm Precedence: bulk X-No-Archive: yes List-Id: Zsh Workers List List-Post: List-Help: X-Seq: 34073 Received: (qmail 24766 invoked from network); 29 Dec 2014 04:01:58 -0000 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on f.primenet.com.au X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.2 X-CMAE-Score: 0 X-CMAE-Analysis: v=2.1 cv=LrklEcZZ c=1 sm=1 tr=0 a=FT8er97JFeGWzr5TCOCO5w==:117 a=kj9zAlcOel0A:10 a=q2GGsy2AAAAA:8 a=oR5dmqMzAAAA:8 a=-9mUelKeXuEA:10 a=A92cGCtB03wA:10 a=hkJ7hJeXDZxJw2aOsCIA:9 a=CjuIK1q_8ugA:10 From: Bart Schaefer Message-id: <141228200142.ZM22840@torch.brasslantern.com> Date: Sun, 28 Dec 2014 20:01:42 -0800 In-reply-to: <20141229004957.GA1737@tarsus.local2> Comments: In reply to Daniel Shahaf "Re: [PATCH] Re: Insecure tempfile creation" (Dec 29, 12:49am) References: <20141222203624.GA24855@tarsus.local2> <141227223029.ZM15959@torch.brasslantern.com> <141227234421.ZM16038@torch.brasslantern.com> <141228004101.ZM28486@torch.brasslantern.com> <20141229004957.GA1737@tarsus.local2> X-Mailer: OpenZMail Classic (0.9.2 24April2005) To: Subject: Re: [PATCH] Re: Insecure tempfile creation MIME-version: 1.0 Content-type: text/plain; charset=us-ascii On Dec 29, 12:49am, Daniel Shahaf wrote: } } Your patches look good to me, including the rmdir I avoided using "mkdir -m 0700" in favor of the chmod but then found some other places where mkdir is passed the -m option. So maybe that should be tweaked. } but except for: } } > - } =(: temporary file) } > + } =(<<<'temporary file') } } I assume =(<<<'') was the intention. I meant to say something about that but forgot. The places where I left that immediately use >|$1 to clobber the file, so it doesn't matter if the file starts out empty; I hoped it could be a clue to the reader what was going on.