Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Fri, 25 May 2001 22:05:53 +0300
From: Jarno Huuskonen <Jarno.Huuskonen@....fi>
To: owl-users@...ts.openwall.com
Subject: gawk (igawk) tempfiles

Hi,

igawk from gawk-3.0.6 uses /tmp/ig.s.$$ for tempfile. I made this
(not tested) patch so igawk'll use mktemp:
--------------------
--- gawk-3.0.6/awklib/eg/prog/igawk.sh	Tue Aug  8 02:03:36 2000
+++ gawk-3.0.6-jh/awklib/eg/prog/igawk.sh	Fri May 25 18:34:21 2001
@@ -4,13 +4,32 @@
 # Arnold Robbins, arnold@....org, Public Domain
 # July 1993
 
+if [ ! -x /bin/mktemp ]; then
+    echo "$0 needs mktemp to create temporary files."
+    exit 1
+fi
+
+STEMPFILE=`/bin/mktemp /tmp/igawk.s.XXXXXX`
+#STEMPFILE=`/bin/mktemp ${TMPDIR:-/tmp}/igawk.s.XXXXXX`
+if [ $? -ne 0 ]; then
+    echo "$0: mktemp cannot create temporary file."
+    exit 1
+fi
+
+ETEMPFILE=`/bin/mktemp /tmp/igawk.e.XXXXXX`
+#ETEMPFILE=`/bin/mktemp ${TMPDIR:-/tmp}/igawk.e.XXXXXX`
+if [ $? -ne 0 ]; then
+    echo "$0: mktemp cannot create temporary file."
+    exit 1
+fi
+
 if [ "$1" = debug ]
 then
     set -x
     shift
 else
     # cleanup on exit, hangup, interrupt, quit, termination
-    trap 'rm -f /tmp/ig.[se].$$' 0 1 2 3 15
+    trap 'rm -f $STEMPFILE $ETEMPFILE' 0 1 2 3 15
 fi
 
 while [ $# -ne 0 ] # loop over arguments
@@ -27,26 +46,26 @@
 
     -[vF]*) opts="$opts '$1'" ;;
 
-    -f)     echo @include "$2" >> /tmp/ig.s.$$
+    -f)     echo @include "$2" >> $STEMPFILE
             shift;;
 
     -f*)    f=`echo "$1" | sed 's/-f//'`
-            echo @include "$f" >> /tmp/ig.s.$$ ;;
+            echo @include "$f" >> $STEMPFILE ;;
 
     -?file=*)    # -Wfile or --file
             f=`echo "$1" | sed 's/-.file=//'`
-            echo @include "$f" >> /tmp/ig.s.$$ ;;
+            echo @include "$f" >> $STEMPFILE ;;
 
     -?file)    # get arg, $2
-            echo @include "$2" >> /tmp/ig.s.$$
+            echo @include "$2" >> $STEMPFILE
             shift;;
 
     -?source=*)    # -Wsource or --source
             t=`echo "$1" | sed 's/-.source=//'`
-            echo "$t" >> /tmp/ig.s.$$ ;;
+            echo "$t" >> $STEMPFILE ;;
 
     -?source)  # get arg, $2
-            echo "$2" >> /tmp/ig.s.$$
+            echo "$2" >> $STEMPFILE
             shift;;
 
     -?version)
@@ -61,19 +80,19 @@
     shift
 done
 
-if [ ! -s /tmp/ig.s.$$ ]
+if [ ! -s $STEMPFILE ]
 then
     if [ -z "$1" ]
     then
          echo igawk: no program! 1>&2
          exit 1
     else
-        echo "$1" > /tmp/ig.s.$$
+        echo "$1" > $STEMPFILE
         shift
     fi
 fi
 
-# at this point, /tmp/ig.s.$$ has the program
+# at this point, $STEMPFILE has the program
 gawk -- '
 # process @include directives
 function pathto(file,    i, t, junk)
@@ -123,7 +142,7 @@
         }
         close(input[stackptr])
     }
-}' /tmp/ig.s.$$ > /tmp/ig.e.$$
-eval gawk -f /tmp/ig.e.$$ $opts -- "$@"
+}' $STEMPFILE > $ETEMPFILE
+eval gawk -f $ETEMPFILE $opts -- "$@"
 
 exit $?

--------------------

Also some scripts from gzip (zdiff, znew) use similar tempfiles. 
( At least Michal Zalewski has found the same problems a while ago:
http://security-archive.merton.ox.ac.uk/linux-security-199803/0031.html )

-Jarno

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.