Mercurial > emacs
changeset 35016:731a7aca9458
Avoid security hole allowing attacker to
cause user of rcs2log to overwrite arbitrary files, fixing
a bug reported by Morten Welinder.
Don't put "exit 1" at the end of the exit trap; it's
ineffective in POSIX shells.
author | Gerd Moellmann <gerd@gnu.org> |
---|---|
date | Wed, 03 Jan 2001 12:04:06 +0000 |
parents | ad30dea71688 |
children | 53c3e3f3949b |
files | lib-src/rcs2log |
diffstat | 1 files changed, 7 insertions(+), 5 deletions(-) |
--- a/lib-src/rcs2log Wed Jan 03 00:31:18 2001 +0000 +++ b/lib-src/rcs2log Wed Jan 03 12:04:06 2001 +0000 @@ -28,7 +28,7 @@ Report bugs to <bug-gnu-emacs@gnu.org>.' -Id='$Id: rcs2log,v 1.44 1998/08/12 14:22:14 eggert Exp eggert $' +Id='$Id: rcs2log,v 1.46 2001/01/02 18:50:14 eggert Exp $' # Copyright 1992, 93, 94, 95, 96, 97, 1998 Free Software Foundation, Inc. @@ -300,10 +300,12 @@ esac esac -llogout=$TMPDIR/rcs2log$$l -rlogout=$TMPDIR/rcs2log$$r +logdir=$TMPDIR/rcs2log$$ +llogout=$logdir/l +rlogout=$logdir/r trap exit 1 2 13 15 -trap "rm -f $llogout $rlogout; exit 1" 0 +trap "rm -fr $logdir 2>/dev/null" 0 +(umask 077 && exec mkdir $logdir) || exit case $datearg in ?*) $rlog $rlog_options "$datearg" ${1+"$@"} >$rlogout;; @@ -670,7 +672,7 @@ # Exit successfully. -exec rm -f $llogout $rlogout +exec rm -fr $logdir # Local Variables: # tab-width:4
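Review bot: In the @@ -300,10 +300,12 @@ hunk the exit trap `rm -fr $logdir` is installed before `mkdir $logdir` runs, so when `mkdir` fails because `$TMPDIR/rcs2log$$` already exists, the `|| exit` fires the trap and the script recursively removes a directory it did not create. Suggest running the `(umask 077 && exec mkdir $logdir) || exit` line first and setting the trap on 0 only after it succeeds. The directory name is still predictable from the PID; that is safe here because `mkdir` refuses an existing path, but a short comment saying that the `umask 077` directory, not the name, is what protects the `l` and `r` files would help the next reader.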
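Review bot: `$logdir` is expanded unquoted in `exec rm -fr $logdir` in the @@ -670,7 +672,7 @@ hunk, and likewise in the `mkdir` and the exit trap of the @@ -300 hunk, so a `TMPDIR` containing whitespace or glob characters splits into several arguments, and with the switch from `rm -f` to `rm -fr` those arguments are now removed recursively. Suggest `exec rm -fr "$logdir"` and `mkdir "$logdir"`, and writing the trap with single quotes, `trap 'rm -fr "$logdir" 2>/dev/null' 0`, so the value is expanded when the trap runs instead of being pasted into the trap string and parsed again as shell text.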