Re: sh-tmp-file inserts unsafe code
From: Sven Joachim
Subject: Re: sh-tmp-file inserts unsafe code
Date: Tue, 11 Oct 2005 15:53:54 +0200
User-agent: Mozilla Thunderbird 1.0.7 (X11/20051001)
Richard M. Stallman wrote:
> I installed your changes, and tried extrapolating them to the other shells.
> Thanks.
Well, I wasn't lazy either. :-) Yesterday I installed the es and rc
shells, read their manpages and worked out how they do command
substitution. Both of them use the syntax
`{ commands }
to substitute the group of COMMANDS. Together with Reiner's suggestion
to use the "-t" flag of mktemp (which is more compliant with the GNU
coding standards, honoring the user's TMPDIR environment variable) I
worked out the following patch:
*** sh-script.el 2005-10-10 21:23:45 +0200 1.167
--- sh-script.el 2005-10-11 15:40:08 +0200
***************
*** 3392,3411 ****
"Insert code to setup temporary file handling. See `sh-feature'."
(bash sh-append ksh88)
(csh (file-name-nondirectory (buffer-file-name))
! "set tmp = `mktemp /tmp/" str ".XXXXXX`" \n
"onintr exit" \n _
(and (goto-char (point-max))
(not (bolp))
?\n)
"exit:\n"
"rm $tmp* >&/dev/null" > \n)
- ;; The change to use mktemp here has not been tested;
- ;; I don't know es syntax, so I had to guess.
- ;; If you try it, or if you know es syntax and can check it,
- ;; please tell me whether it needs any change. --rms.
(es (file-name-nondirectory (buffer-file-name))
! > "local( signals = $signals sighup sigint; tmp = `mktemp /tmp/" str
! ".XXXXXX` ) {" \n
> "catch @ e {" \n
> "rm $tmp^* >[2]/dev/null" \n
"throw $e" \n
--- 3392,3407 ----
"Insert code to setup temporary file handling. See `sh-feature'."
(bash sh-append ksh88)
(csh (file-name-nondirectory (buffer-file-name))
! "set tmp = `mktemp -t " str ".XXXXXX`" \n
"onintr exit" \n _
(and (goto-char (point-max))
(not (bolp))
?\n)
"exit:\n"
"rm $tmp* >&/dev/null" > \n)
(es (file-name-nondirectory (buffer-file-name))
! > "local( signals = $signals sighup sigint;" \n
! > "tmp = `{ mktemp -t " str ".XXXXXX } ) {" \n
> "catch @ e {" \n
> "rm $tmp^* >[2]/dev/null" \n
"throw $e" \n
***************
*** 3415,3429 ****
?\} > \n)
(ksh88 sh-modify sh
7 "EXIT")
- ;; The change to use mktemp here has not been tested;
- ;; I don't know rc syntax, so I had to guess.
- ;; If you try it, or if you know rc syntax and can check it,
- ;; please tell me whether it needs any change. --rms.
(rc (file-name-nondirectory (buffer-file-name))
! > "tmp = `mktemp /tmp/" str ".XXXXXX`" \n
"fn sigexit { rm $tmp^* >[2]/dev/null }" \n)
(sh (file-name-nondirectory (buffer-file-name))
! > "TMP=`mktemp ${TMPDIR:-/tmp}/" str ".XXXXXX`" \n
"trap \"rm $TMP* 2>/dev/null\" " ?0 \n))
--- 3411,3421 ----
?\} > \n)
(ksh88 sh-modify sh
7 "EXIT")
(rc (file-name-nondirectory (buffer-file-name))
! > "tmp = `{ mktemp -t " str ".XXXXXX }" \n
"fn sigexit { rm $tmp^* >[2]/dev/null }" \n)
(sh (file-name-nondirectory (buffer-file-name))
! > "TMP=`mktemp -t " str ".XXXXXX`" \n
"trap \"rm $TMP* 2>/dev/null\" " ?0 \n))
I have tested it with example scripts; the code seems to be correct.
Note that font-lock-mode will mis-fontify es and rc scripts because of
the single backtick.