The following commit has been merged in the master branch:
commit 4d23a5e6c90f7a37b0972b30f5d31dce97a93eb0
Author: Jim Meyering <[email protected]>
Date:   Mon Aug 13 15:44:49 2012 +0200

    annotate-output: prevent symlink attack
    
    * annotate-output: Fix to prevent symlink attack: don't delete
    safely-created file and reuse its name.  Instead, create temporary
    directory and create FIFOs therein.  Also, be sure to remove
    temporaries upon catchable signal.
    
    Signed-off-by: James McCoy <[email protected]>

diff --git a/scripts/annotate-output.sh b/scripts/annotate-output.sh
index be0df3d..a1e1a31 100755
--- a/scripts/annotate-output.sh
+++ b/scripts/annotate-output.sh
@@ -62,10 +62,14 @@ if [ $# -lt 1 ]; then
        exit 1
 fi
 
-OUT=`mktemp --tmpdir annotate.XXXXXX` || exit 1
-ERR=`mktemp --tmpdir annotate.XXXXXX` || exit 1
+cleanup() { __st=$?; rm -rf "$tmp"; exit $__st; }
+trap cleanup 0
+trap 'exit $?' 1 2 13 15
+
+tmp=$(mktemp -d --tmpdir annotate.XXXXXX) || exit 1
+OUT=$tmp/out
+ERR=$tmp/err
 
-rm -f $OUT $ERR
 mkfifo $OUT $ERR || exit 1
 
 addtime O < $OUT &
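Review bot: `trap cleanup 0` is installed before `tmp` is assigned, so a trapped signal arriving before the `mktemp -d` assignment completes makes `cleanup` run `rm -rf "$tmp"` on whatever value `tmp` inherited from the caller's environment (unless it is set earlier in the script, which this hunk does not show). Initialising the variable first closes that window: add `tmp=` above the two trap lines and guard the removal with `[ -n "$tmp" ] && rm -rf -- "$tmp"`. The unchanged `mkfifo $OUT $ERR` also expands paths derived from `$TMPDIR` without quotes, so a temporary directory containing whitespace would be split into extra arguments; `mkfifo "$OUT" "$ERR" || exit 1` avoids that. The script continues past the end of the hunk, so later uses of `$OUT` and `$ERR` are not visible here and would need the same quoting.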

-- 
Git repository for devscripts
