Re: [perl #15063] /tmp issues

Message-ID: <20040125222218.GA13499@openwall.com> Remove insecure usage of /tmp from code and documentation p4raw-id: //depot/perl@22258
author: Solar Designer <solar@openwall.com> 2004-01-26 04:22:18 +0300
committer: Dave Mitchell <davem@fdisolutions.com> 2004-02-01 17:40:02 +0000
commit: 2359510ddb135dcc6e80153f51cff0a97b20b597 (patch)
tree: b074c5df813a1e3e529f0330620b456ecc4988e6 /utils
parent: a95a5f75a0e72874474834cd9e274afa0f23b6d8 (diff)
download: perl-2359510ddb135dcc6e80153f51cff0a97b20b597.tar.gz
1 files changed, 16 insertions, 8 deletions
diff --git a/utils/c2ph.PL b/utils/c2ph.PL
index 91ecc04552..9cb89376cf 100644
--- a/utils/c2ph.PL
+++ b/utils/c2ph.PL
@@ -280,6 +280,7 @@ Anyway, here it is.  Should run on perl v4 or greater.  Maybe less.
 
 $RCSID = '$Id: c2ph,v 1.7 95/10/28 10:41:47 tchrist Exp Locker: tchrist $';
 
+use File::Temp;
 
 ######################################################################
 
@@ -480,6 +481,13 @@ sub defvar {
     printf "%-16s%-15s  %s\n", $var, eval "\$$var", $msg;
 }
 
+sub safedir {
+    $SAFEDIR = File::Temp::tempdir("c2ph.XXXXXX", TMPDIR => 1, CLEANUP => 1)
+      unless (defined($SAFEDIR));
+}
+
+undef $SAFEDIR;
+
 $recurse = 1;
 
 if (@ARGV) {
@@ -495,15 +503,15 @@ if (@ARGV) {
     }
     elsif (@ARGV == 1 && $ARGV[0] =~ /\.c$/) {
 	local($dir, $file) = $ARGV[0] =~ m#(.*/)?(.*)$#;
-	$chdir = "cd $dir; " if $dir;
+	$chdir = "cd $dir && " if $dir;
 	&system("$chdir$CC $CFLAGS $DEFINES $file") && exit 1;
 	$ARGV[0] =~ s/\.c$/.s/;
     }
     else {
-	$TMPDIR = tempdir(CLEANUP => 1);
-	$TMP = "$TMPDIR/c2ph.$$.c";
+	&safedir;
+	$TMP = "$SAFEDIR/c2ph.$$.c";
 	&system("cat @ARGV > $TMP") && exit 1;
-	&system("cd $TMPDIR; $CC $CFLAGS $DEFINES $TMP") && exit 1;
+	&system("cd $SAFEDIR && $CC $CFLAGS $DEFINES $TMP") && exit 1;
 	unlink $TMP;
 	$TMP =~ s/\.c$/.s/;
 	@ARGV = ($TMP);
@@ -1274,8 +1282,8 @@ sub fetch_template {
 }
 
 sub compute_intrinsics {
-    $TMPDIR ||= tempdir(CLEANUP => 1);
-    local($TMP) = "$TMPDIR/c2ph-i.$$.c";
+    &safedir;
+    local($TMP) = "$SAFEDIR/c2ph-i.$$.c";
     open (TMP, ">$TMP") || die "can't open $TMP: $!";
     select(TMP);
 
@@ -1303,7 +1311,7 @@ EOF
     close TMP;
 
     select(STDOUT);
-    open(PIPE, "cd $TMPDIR && $CC $TMP && $TMPDIR/a.out|");
+    open(PIPE, "cd $SAFEDIR && $CC $TMP && $SAFEDIR/a.out|");
     while (<PIPE>) {
 	chop;
 	split(' ',$_,2);;
@@ -1312,7 +1320,7 @@ EOF
 	$intrinsics{$_[1]} = $template{$_[0]};
     }
     close(PIPE) || die "couldn't read intrinsics!";
-    unlink($TMP, '$TMPDIR/a.out');
+    unlink($TMP, '$SAFEDIR/a.out');
     print STDERR "done\n" if $trace;
 }
author	Solar Designer <solar@openwall.com>	2004-01-26 04:22:18 +0300
committer	Dave Mitchell <davem@fdisolutions.com>	2004-02-01 17:40:02 +0000
commit	2359510ddb135dcc6e80153f51cff0a97b20b597 (patch)
tree	b074c5df813a1e3e529f0330620b456ecc4988e6 /utils
parent	a95a5f75a0e72874474834cd9e274afa0f23b6d8 (diff)
download	perl-2359510ddb135dcc6e80153f51cff0a97b20b597.tar.gz