author | Gerd Moellmann <gerd@gnu.org> | 2001-01-03 12:04:06 +0000 |
---|---|---|
committer | Gerd Moellmann <gerd@gnu.org> | 2001-01-03 12:04:06 +0000 |
commit | 38186d678fae2781c441c2e9273d97243647a7ad (patch) | |
tree | d6cc4c274a9f4fa7db981bb9ef82bd5f60a8663c /lib-src/rcs2log | |
parent | 04212fcbbd5616b5fb4c64b9ac35a8abca64cb40 (diff) | |
download | emacs-38186d678fae2781c441c2e9273d97243647a7ad.tar.gz |
Avoid security hole allowing attacker to
cause user of rcs2log to overwrite arbitrary files, fixing
a bug reported by Morten Welinder.
Don't put "exit 1" at the end of the exit trap; it's
ineffective in POSIX shells.
Diffstat (limited to 'lib-src/rcs2log')
-rwxr-xr-x | lib-src/rcs2log | 12 |
1 files changed, 7 insertions, 5 deletions
diff --git a/lib-src/rcs2log b/lib-src/rcs2log index f41552e110d..dd49a04f3c2 100755 --- a/lib-src/rcs2log +++ b/lib-src/rcs2log @@ -28,7 +28,7 @@ Options: Report bugs to <bug-gnu-emacs@gnu.org>.' -Id='$Id: rcs2log,v 1.44 1998/08/12 14:22:14 eggert Exp eggert $' +Id='$Id: rcs2log,v 1.46 2001/01/02 18:50:14 eggert Exp $' # Copyright 1992, 93, 94, 95, 96, 97, 1998 Free Software Foundation, Inc. @@ -300,10 +300,12 @@ case $# in esac esac -llogout=$TMPDIR/rcs2log$$l -rlogout=$TMPDIR/rcs2log$$r +logdir=$TMPDIR/rcs2log$$ +llogout=$logdir/l +rlogout=$logdir/r trap exit 1 2 13 15 -trap "rm -f $llogout $rlogout; exit 1" 0 +trap "rm -fr $logdir 2>/dev/null" 0 +(umask 077 && exec mkdir $logdir) || exit case $datearg in ?*) $rlog $rlog_options "$datearg" ${1+"$@"} >$rlogout;; @@ -670,7 +672,7 @@ $AWK ' # Exit successfully. -exec rm -f $llogout $rlogout +exec rm -fr $logdir # Local Variables: # tab-width:4 |
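Review bot: In the @@ -300,10 +300,12 @@ hunk, the exit trap `rm -fr $logdir 2>/dev/null` is installed before `mkdir $logdir` has succeeded, so when mkdir fails because the path already exists, the `|| exit` path still runs the trap and attempts a recursive remove of a path this run did not create. Install the trap on 0 only after the mkdir has succeeded. Separately, `$TMPDIR/rcs2log$$` remains a predictable name: the mkdir under `umask 077` closes the overwrite, but another local user can still pre-create the path and make rcs2log exit, so a randomly named directory (for example from `mktemp -d`, where available) would be more robust.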
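Review bot: In the @@ -670,7 +672,7 @@ hunk, `exec rm -fr $logdir` expands `$logdir` unquoted, and the change from `rm -f` on two files to a recursive remove raises the cost of that: if `TMPDIR` contains whitespace or glob characters, the shell splits the value and `rm -fr` is applied to each resulting word instead of the log directory. Quote the expansion as `"$logdir"` here, and likewise in the `mkdir $logdir` and trap lines of the previous hunk.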