OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Jarno Huuskonen (Jarno.Huuskonenuku.fi)
Date: Fri May 25 2001 - 14:05:53 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    Hi,

    igawk from gawk-3.0.6 uses /tmp/ig.s.$$ for tempfile. I made this
    (not tested) patch so igawk'll use mktemp:
    --------------------
    --- gawk-3.0.6/awklib/eg/prog/igawk.sh Tue Aug 8 02:03:36 2000
    +++ gawk-3.0.6-jh/awklib/eg/prog/igawk.sh Fri May 25 18:34:21 2001
    -4,13 +4,32
     # Arnold Robbins, arnoldgnu.org, Public Domain
     # July 1993
     
    +if [ ! -x /bin/mktemp ]; then
    + echo "$0 needs mktemp to create temporary files."
    + exit 1
    +fi
    +
    +STEMPFILE=`/bin/mktemp /tmp/igawk.s.XXXXXX`
    +#STEMPFILE=`/bin/mktemp ${TMPDIR:-/tmp}/igawk.s.XXXXXX`
    +if [ $? -ne 0 ]; then
    + echo "$0: mktemp cannot create temporary file."
    + exit 1
    +fi
    +
    +ETEMPFILE=`/bin/mktemp /tmp/igawk.e.XXXXXX`
    +#ETEMPFILE=`/bin/mktemp ${TMPDIR:-/tmp}/igawk.e.XXXXXX`
    +if [ $? -ne 0 ]; then
    + echo "$0: mktemp cannot create temporary file."
    + exit 1
    +fi
    +
     if [ "$1" = debug ]
     then
         set -x
         shift
     else
         # cleanup on exit, hangup, interrupt, quit, termination
    - trap 'rm -f /tmp/ig.[se].$$' 0 1 2 3 15
    + trap 'rm -f $STEMPFILE $ETEMPFILE' 0 1 2 3 15
     fi
     
     while [ $# -ne 0 ] # loop over arguments
    -27,26 +46,26
     
         -[vF]*) opts="$opts '$1'" ;;
     
    - -f) echo include "$2" >> /tmp/ig.s.$$
    + -f) echo include "$2" >> $STEMPFILE
                 shift;;
     
         -f*) f=`echo "$1" | sed 's/-f//'`
    - echo include "$f" >> /tmp/ig.s.$$ ;;
    + echo include "$f" >> $STEMPFILE ;;
     
         -?file=*) # -Wfile or --file
                 f=`echo "$1" | sed 's/-.file=//'`
    - echo include "$f" >> /tmp/ig.s.$$ ;;
    + echo include "$f" >> $STEMPFILE ;;
     
         -?file) # get arg, $2
    - echo include "$2" >> /tmp/ig.s.$$
    + echo include "$2" >> $STEMPFILE
                 shift;;
     
         -?source=*) # -Wsource or --source
                 t=`echo "$1" | sed 's/-.source=//'`
    - echo "$t" >> /tmp/ig.s.$$ ;;
    + echo "$t" >> $STEMPFILE ;;
     
         -?source) # get arg, $2
    - echo "$2" >> /tmp/ig.s.$$
    + echo "$2" >> $STEMPFILE
                 shift;;
     
         -?version)
    -61,19 +80,19
         shift
     done
     
    -if [ ! -s /tmp/ig.s.$$ ]
    +if [ ! -s $STEMPFILE ]
     then
         if [ -z "$1" ]
         then
              echo igawk: no program! 1>&2
              exit 1
         else
    - echo "$1" > /tmp/ig.s.$$
    + echo "$1" > $STEMPFILE
             shift
         fi
     fi
     
    -# at this point, /tmp/ig.s.$$ has the program
    +# at this point, $STEMPFILE has the program
     gawk -- '
     # process include directives
     function pathto(file, i, t, junk)
    -123,7 +142,7
             }
             close(input[stackptr])
         }
    -}' /tmp/ig.s.$$ > /tmp/ig.e.$$
    -eval gawk -f /tmp/ig.e.$$ $opts -- "$"
    +}' $STEMPFILE > $ETEMPFILE
    +eval gawk -f $ETEMPFILE $opts -- "$"
     
     exit $?

    --------------------

    Also some scripts from gzip (zdiff, znew) use similar tempfiles.
    ( At least Michal Zalewski has found the same problems a while ago:
    http://security-archive.merton.ox.ac.uk/linux-security-199803/0031.html )

    -Jarno