On Mon, Jun 16, 2014 at 11:17:46AM -0700, Junio C Hamano wrote:
> David Aguilar writes:
>
> > Hmm.. I guess what I could do is keep the old behavior (having gitk ignore
> > TMPDIR)
> > on Windows and only use the new code path on non-Windows.
>
> Or perhaps attempt to create, catch error and th
David Aguilar writes:
> Hmm.. I guess what I could do is keep the old behavior (having gitk ignore
> TMPDIR)
> on Windows and only use the new code path on non-Windows.
Or perhaps attempt to create, catch error and then retry the old way?
Hopefully Windows folks do not have to worry about forg
Am 15.06.2014 09:51, schrieb Pat Thoyts:
> David Aguilar writes:
>
>> gitk uses a predictable ".gitk-tmp.$PID" pattern when generating
>> a temporary directory.
>>
>> Use "mktemp -d .gitk-tmp.XX" to harden gitk against someone
>> seeding /tmp with files matching the pid pattern.
>>
>> Signed-
On Sun, Jun 15, 2014 at 02:49:29PM -0700, David Aguilar wrote:
> I don't think this requires a CVE since it's basically plugging a hole
> that my previous patch introduced by making gitk honor the TMPDIR
> variable; it hasn't strictly been in any release yet.
Yeah, that's not needed, then. I didn
On Sun, Jun 15, 2014 at 04:32:27PM +, brian m. carlson wrote:
> On Sun, Jun 15, 2014 at 08:51:23AM +0100, Pat Thoyts wrote:
> > David Aguilar writes:
> > >--- a/gitk
> > >+++ b/gitk
> > >@@ -3502,7 +3502,8 @@ proc gitknewtmpdir {} {
> > > } else {
> > > set tmpdir $gitdir
> > > }
> >
On Sun, Jun 15, 2014 at 08:51:23AM +0100, Pat Thoyts wrote:
> David Aguilar writes:
> >--- a/gitk
> >+++ b/gitk
> >@@ -3502,7 +3502,8 @@ proc gitknewtmpdir {} {
> > } else {
> > set tmpdir $gitdir
> > }
> >-set gitktmpdir [file join $tmpdir [format ".gitk-tmp.%s" [pid]]]
> >+
David Aguilar writes:
>gitk uses a predictable ".gitk-tmp.$PID" pattern when generating
>a temporary directory.
>
>Use "mktemp -d .gitk-tmp.XX" to harden gitk against someone
>seeding /tmp with files matching the pid pattern.
>
>Signed-off-by: David Aguilar
>---
>This issue was brought up du
On Fri, Jun 13, 2014 at 02:43:48PM -0700, David Aguilar wrote:
> gitk uses a predictable ".gitk-tmp.$PID" pattern when generating
> a temporary directory.
>
> Use "mktemp -d .gitk-tmp.XX" to harden gitk against someone
> seeding /tmp with files matching the pid pattern.
>
> Signed-off-by: Dav
gitk uses a predictable ".gitk-tmp.$PID" pattern when generating
a temporary directory.
Use "mktemp -d .gitk-tmp.XX" to harden gitk against someone
seeding /tmp with files matching the pid pattern.
Signed-off-by: David Aguilar
---
This issue was brought up during the first review of the prev
9 matches
Mail list logo