On 10/14/18 7:10 PM, Levente Polyak via aur-general wrote:
> Hi Daniel,
>
> On 10/14/18 9:49 PM, Daniel Bermond via aur-general wrote:
>> I have a project of my own called screencast[4], which is a command line
>> interface to record a X11 desktop using FFmpeg, having support for offline
>> recording, live streaming and the capability of adding some effects. It's
>> written in pure POSIX/portable shellscript.
>
> Just took some seconds of reading screencast and I noticed the following
> that you may want to fix as I didn't spot in a 10sec lookup what would
> mitigate the following:
>
> https://github.com/dbermond/screencast/blob/HEAD/src/settings_general.sh#L31
>
> You are using /tmp here, you should replace processing with a safe user
> owned directory acquired by `mktemp`.
>
> The reason:
>
> It's vulnerable to symlink attacks, you can delete arbitrary user owned
> files via:
> https://github.com/dbermond/screencast/blob/HEAD/src/system.sh#L31
>
> Or steal secret data like ssh or gnupg secret keys by moving it outside
> of a user-only accessible folder via a `mv` gadget:
>
> https://github.com/dbermond/screencast/blob/HEAD/src/system.sh#L40
>
> cheers,
> Levente

Hi Levente,

Thank you for pointing this out!

Although mktemp is not defined by the POSIX specification, it passes the
shellcheck POSIX test with /bin/sh. I think it will not defeat the POSIX
purpose of the script. Googling for it suggests that it's present everywhere
nowadays. I can check for its presence on the system and use it if available,
otherwise fall back to the poor /tmp or something else.

I'll be implementing this as soon as I can, and also some of Eli's suggestions.

--
Best regards,
Daniel Bermond
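
One way to do the mktemp check with a fallback discussed in this thread, as an added example that is not part of either message or of screencast's code. The function names are hypothetical, and the fallback assumes `od` and `/dev/urandom` are available.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not taken from screencast.

# Create "$1" as a new directory with mode 0700, or fail.
# mkdir(2) returns EEXIST for any existing name, including a symlink
# (dangling or not), so a pre-planted link is never followed.
claim_dir() {
    ( umask 077 && mkdir "$1" ) 2>/dev/null
}

# Fallback for systems without mktemp: try random names until one is claimed.
fallback_tmpdir() {
    _base=${TMPDIR:-/tmp}
    _try=0
    while [ "$_try" -lt 10 ]; do
        # The random suffix only reduces collisions; safety comes from claim_dir.
        _sfx=$(od -An -N8 -tx1 /dev/urandom 2>/dev/null | tr -d ' \n')
        [ -n "$_sfx" ] || _sfx="$$.$_try"
        if claim_dir "$_base/$1.$_sfx"; then
            printf '%s\n' "$_base/$1.$_sfx"
            return 0
        fi
        _try=$((_try + 1))
    done
    return 1
}

# Print the path of a fresh private directory; prefer mktemp when present.
make_private_tmpdir() {
    if command -v mktemp >/dev/null 2>&1; then
        mktemp -d "${TMPDIR:-/tmp}/$1.XXXXXXXXXX"
    else
        fallback_tmpdir "$1"
    fi
}

# Typical use in a script:
#   workdir=$(make_private_tmpdir screencast) || exit 1
#   trap 'rm -rf "$workdir"' EXIT
```

Every intermediate file then lives under the returned directory, so fixed names inside it are no longer reachable by other local users.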
